Increasingly, healthcare data is being transmitted on the internet. Doctors’ offices are asking, “What will we do when we have a cyber attack?” It’s not a matter of “whether” the office’s information will be hacked, but “when.” Many doctors’ offices – large and small – are evaluating their HIPAA compliance plans and buying cyber insurance to protect against this huge risk.
“The Experian-Ponemon report found that of the health care organizations surveyed for the study, 77% said cyber risk insurance was important. Of those that made a claim against a breach event, 97% said the experience was good or excellent.
As more health care organizations become victims of breaches, awareness and interest in data breach insurance have grown, said Holly Moriarty, small commercial business marketing director for outpatient health care at the Hartford, an insurance company based in Connecticut that sells breach coverage.
NetDiligence, a cyber security firm that conducts risk assessments and data breach services, published a white paper in October 2012 in which it analyzed 137 events reported to breach insurance underwriters between 2009 and 2011. Health care and financial services topped the list as the most frequently breached sectors. The report said the average cost per breach was $3.7 million, the majority of which was legal damages. This figure was lower than the figure calculated by the Ponemon Institute, a data privacy and security researcher in Traverse City, Mich. Its May report, “2013 Cost of Data Breach Study: Global Analysis,” put the average cost per breach in the U.S. in 2012 at more than $5.4 million, or $188 per breached record.”
Has your doctor’s office considered buying cyber insurance? Has your office performed a risk analysis on your IT systems? This is a requirement of your HIPAA compliance plan. Have you updated policies and procedures to keep up with the pace of changing technology?
CMS is currently expediting a new rule that will require “breach notification” to the federal government within an hour of a breach. Do you have a system that will notify you of a breach immediately? A review of your current HIPAA plan, along with consideration of buying cyber insurance, should be on the agenda for your upcoming doctors’ meeting.