Industry-Specific Exposures = Increased Cyber Risk for Healthcare Industry
The healthcare industry is among the four most at-risk industries for cybercrime. To prepare for the eventuality of a cyber incident, healthcare organizations must assess the numerous industry-specific risks they face.
The experts at ProWriters Insurance have identified the top cyber risks to healthcare organizations as they continually work with brokers and agents to offer insurance solutions optimized for the industry. We offer access to cyber insurance packages that include critical risk management support and data breach response services designed to mitigate these exposures and protect vital healthcare data.
Risk #1: High Black Market Demand for Electronic Medical Records
Medical data is highly valued on the black market, making hospitals a primary target for cybercriminals. According to a report released by the FBI’s Cyber Division, criminals can sell healthcare records for 50 times the price of a stolen social security or credit card number.
Criminals can use medical information for a wide variety of illicit activities. With this information, criminals can:
- Create fake identification cards
- Gain access to medical equipment or medications
- File medical claims with insurers
Electronic healthcare records are also more valuable because they are difficult to detect. On average, it takes about twice as long to uncover theft of electronic medical records as it does to detect typical identity theft. This gives cybercriminals a larger window of time to sell or use the information. It’s also more complicated to resolve medical identity theft than something like credit card fraud, which typically involves a fairly straightforward process of canceling the card and disputing the fraudulent charges.
The versatility of electronic medical records for cybercriminals and slow detection times means they are a serious cyber risk for healthcare organizations. For this reason, healthcare organizations are a high-value target for hackers.
Risk #2: Bring Your Own Device Policies
Many healthcare providers are allowing Bring Your Own Device (BYOD) policies. Survey data suggests over 80% of healthcare providers allow their doctors, nurses, and other medical staff members to bring their own mobile devices to work. While this practice brings convenience and even efficiency to the healthcare industry, it also brings increased cyber risk.
46% of surveyed healthcare organizations share that they are taking no steps to secure personal mobile devices. And it’s not because organizations don’t recognize the need; more than half of respondents say they do not believe those mobile devices are secure at all.
BYOD policies are a serious healthcare cyber risk because they increase the access points for criminals to steal data. In 2013, AHMC Healthcare in California lost over 700,000 patients’ data when two laptops were stolen. Horizon Healthcare in New Jersey experienced a similar incident when two laptops were stolen from their Newark offices, exposing as many as 690,000 patient records. In both cases, the stolen laptops were password protected but not encrypted.
BYOD policies are now a common practice in hospitals and healthcare organizations, and this trend, coupled with the high black market value of medical records, makes the healthcare industry a vulnerable and attractive target for cybercriminals.
Cyber risk literacy is the best defense against the risks posed by BYOD policies. For this kind of exposure, ProWriters offers access to risk management and loss prevention services. These services include preventative measures, educational materials, and cybersecurity tools from the top vendors is risk management—all designed to prevent a breach from occurring. These services limit the risk of BYOD policies without comprising many of the benefits they bring to healthcare organizations.
Risk #3: High Recovery Costs
Data breaches in the healthcare industry are extremely costly, even relative to other data breaches. The 2018 Ponemon Institute and IBM Security Cost of a Data Breach Study found that healthcare data breaches are the most expensive to mitigate of any industry. The cost per stolen record in the healthcare industry is $408, nearly three times higher than the cross-industry average of $148 per record.
Healthcare organizations also incur significant advertising expenditures following a breach. A study published in the American Journal of Managed Care and reported in the HIPPA Journal found that hospital advertising spending skyrocketed with a 64% increase in the year immediately following a cyber breach and an 80% average increase over the two-year period after a breach. The funds required to restore public relations integrity can take valuable resources away from those who need it most, adversely affecting populations beyond the immediate victims of a beach.
To help with these costs, ProWriters offers access to broad and comprehensive Cyber coverage. The competitive policies we offer cover the most expensive aspects of a breach by including features like crisis management. This covers the cost to retain a public relations firm and can significantly reduce the impact of post-breach advertising costs to the organization. In addition, policies include coverages for:
- IT forensic costs
- Notification costs
- Credit protection costs
- Regulatory defense costs
- Fines and penalties
ProWriters Simplifies Cyber Insurance for the Healthcare Industry
Cyber Liability Insurance is designed specifically to address cyber risk in healthcare and other industries. These insurance products cover the first and third-party costs associated with a breach and often include risk management services and resources to help organizations mitigate their exposure.
Brokers and agents looking for Cyber Liability Insurance for healthcare know how time-consuming comparing carriers can be. ProWriters is dedicated to simplifying the process for agents and brokers, which is why we launched our Cyber IQ Comparative Rate Portal. Our innovative portal allows users to seamlessly obtain multiple quotes from multiple carriers for an instant comparison.
ProWriters also brings 20 years of experience to the industry and is continually adapting as cyber risks evolve. We use our expertise to make your job easier, supporting you with a streamlined process and saving you valuable time and effort.
While healthcare organizations face many industry-specific exposures, any organization that handles electronic data or relies on computer systems is at significant risk of a cyber incident. ProWriters’ downloadable eBook, Creating a Comprehensive Cyber Risk Management Plan, is a roadmap to cyber risk management for businesses and individuals across every industry. Download your copy today to get this FREE cybersecurity resource or speak with an expert at ProWriters to learn more about our industry-leading Cyber Liability services.