Cyber Liability Insurance – is it really necessary?


In the news nearly daily there is talk about a data breach, a hacking incident, or a cyber crime. Most practices do not think about this until it happens to them, and unfortunately it can be devastating. Most experts now state that it is not IF this happens to you, but WHEN. The costs associated with a breach are widespread; some examples:

  1. Notification costs (postage, call center, toll-free numbers, etc.).
  2. Remediation costs (network scans, forensics, etc.).
  3. Reputation management (online and in print).
  4. Depending on the cause of the breach, fines and penalties.

According to the Ponemon Institute, medical breaches are more costly per record ($408) than breaches at other small businesses ($148). For example, if you have 5,000 patient records and you can’t determine which of the records were accessed or compromised, you must notify all of the patients. That equates to $2,040,000.00. The main causes of data breaches were malicious code or criminal attack (48%), negligent employees or contractors, i.e. business associates (27%), and system glitches and business process failures (25%). Reputation management is critical after a breach, especially in health care, which has the highest rate of churn because patients have more choices.

We are taught to be proactive with our health. We exercise, eat right, and make sure we get enough sleep. We see our physician to make sure our blood work shows the correct levels, and we have tests performed to detect disease early.

We should do the same for our business. Just think what would happen to the business side of a medical practice if their data was compromised, stolen, or encrypted. Most small businesses do not survive after a data breach. Here are some helpful hints to protect your practice and your business:

  1. Conduct a network security audit to ensure your network is as secure as possible.
  2. If you do not have an enterprise firewall, add one to your network. Be sure to have custom security policies implemented on the device rather than relying on its default settings.
  3. Review all of your computers and be sure they run business-grade operating systems, antivirus/anti-malware protection, and business-grade software.
  4. Work on your Risk Management Plan: understand your vulnerabilities and mitigate them to the best of your ability.
  5. Education. Keep all staff, including the physicians, educated on safe computer practices, and permit only work-related browsing on company computers. Knowledge of the dangers and consequences of their actions can greatly reduce the chance of a breach.
  6. Make sure the business associates that you use are HIPAA compliant. When you use other companies to assist you, it is the responsibility of the practice to ensure they know how to protect your data.
  7. Invest in cyber liability insurance. Cyber liability insurance covers the cost of notifying patients, data restoration, extortion, and reputation management. It is best to obtain a policy from a knowledgeable agent who specializes in this area, since there are many variables in this type of coverage. Also, make sure you read the exclusions; you may not have the coverage you think you do. Many medical malpractice or general liability policies include small token amounts, and this is NOT enough. Review the number of medical records, paper and electronic, and insure them accordingly.



About Suze Shaffer

Suze Shaffer is the owner and president of Aris Medical Solutions. She specializes in HIPAA compliance, risk management, and cyber security. She believes that clients who are educated on why and what needs to be done to protect their practice have a better outcome.

Suze has been instrumental in helping clients nationwide with risk management, implementing privacy and security rule policies and procedures, and ultimately protecting patient data. She includes state and federal regulatory requirements to ensure clients are protected in all areas.

She has spoken at numerous conferences and functions. She continues to educate organizations on how to minimize the risks of data breaches. HIPAA compliance is not an option; it is mandatory for every organization that comes in contact with protected health information to have reasonable and appropriate security measures in place. Unfortunately, most organizations don’t realize they are not compliant until they suffer a data breach or are faced with an audit or investigation.

Did you know that the Office for Civil Rights (OCR) is the agency that investigates data breaches? Have you seen the heavy fines that have been imposed for non-compliance?

All 50 states now have their own set of privacy laws and the State's Attorney General may also investigate privacy violations!
