Industry-Specific Exposures = Increased Cyber Risk in Healthcare
The healthcare industry is among the top at-risk industries for cyber crime. To prepare for the possibility of a cyber incident, healthcare organizations must assess the industry-specific risks they face.
The experts at ProWriters have identified the top reasons why cyber risk is so high for healthcare organizations, which are detailed below. Through our Cyber IQ Platform, we offer access to cyber insurance for healthcare organizations. These policies provide vital coverage, as well as risk management support and incident response services designed to protect healthcare data for your clients.
Risk No. 1: High Black Market Demand for Patient Records
Patient data is highly valued on the black market, making hospitals a primary target for cyber criminals. According to a report by the FBI’s Cyber Division, criminals can sell healthcare records for 50 times the price of a stolen social security or credit card number.
Criminals can use medical information for a wide variety of illicit activities. With this information, criminals can:
- Create fake identification cards
- Gain access to medical equipment or medications
- File medical claims with insurers
Electronic healthcare records are also more valuable because they are difficult to detect. On average, it takes twice as long to uncover theft of electronic medical records as it does to detect typical identity theft. This gives cyber criminals a larger window of time to sell or use the information. It’s also more complicated to resolve medical identity theft than something like credit card fraud, which typically involves a fairly straightforward process of canceling the card and disputing the fraudulent charges.
The slow detection times and versatility of electronic medical records make healthcare data a prime target for hackers.
Risk No.2: Bring Your Own Device Policies
Many healthcare providers have Bring Your Own Device (BYOD) policies. Survey data suggests that over 80% of healthcare providers allow their doctors, nurses, and other medical staff members to bring their own mobile devices to work. While this practice certainly encourages convenience for healthcare workers, it also means increased cyber risk.
Despite that “smart” medical devices are easily breachable, many healthcare organizations aren’t taking steps to secure them. For a hacker, only one weak device is needed to penetrate a network.
BYOD policies are a serious healthcare cyber risk because they increase the number of access points available to criminals. In 2013, AHMC Healthcare Inc. in California lost over 700,000 patients’ data when two laptops were stolen. Horizon Healthcare in New Jersey experienced a similar incident when two laptops were stolen from their Newark offices, exposing as many as 690,000 patient records. In both cases, the stolen laptops were password-protected but not encrypted.
As BYOD policies become common practice in hospitals and healthcare organizations, the industry will face increasing attacks by cyber criminals.
Cyber risk literacy is the best defense against the risks posed by BYOD policies. For this kind of exposure, ProWriters offers access to risk management and loss prevention services. These services include preventative measures, educational materials, and cyber security tools from the top vendors in risk management. These services limit the risk of BYOD policies, without comprising many of the benefits they bring to healthcare organizations.
Risk No.3: High Recovery Costs
Data breaches in the healthcare industry are extremely costly, even relative to other data breaches. The 2019 Ponemon Institute and IBM Security Cost of a Data Breach Study found that healthcare data breaches are the most expensive to mitigate, compared to any other industry. Data breaches cost the healthcare sector an average of $6.5 million, which is upwards of 60% more than all other sectors.
Healthcare organizations also incur significant advertising expenditures following a breach. A study published in the American Journal of Managed Care, reported in the HIPAA Journal, found that hospital advertising spending skyrocketed with a 64% increase in the year immediately following a cyber breach. And, an 80% average increase over the two-year period after a breach.
The funds required to restore public relations integrity can take valuable resources away from those who need it most, adversely affecting populations beyond the immediate victims of a beach.
To help with these costs, ProWriters offers access to broad and comprehensive cyber coverage. The competitive policies we offer cover the most expensive aspects of a breach by including special features—like crisis management. Crisis management covers the cost to retain a public relations firm and can significantly reduce the financial toll of post-breach PR costs. In addition, policies include coverages for:
- IT forensic costs
- Notification costs
- Credit protection costs
- Regulatory defense costs
- Fines and penalties
ProWriters Simplifies Cyber Insurance for the Healthcare Industry
Cyber Liability Insurance is designed specifically to address cyber risk in healthcare and other industries. HIPAA breach insurance coverage covers the first- and third-party costs associated with a breach. Cyber insurance products often also include risk management services and resources to help organizations mitigate their exposure.
Brokers and agents looking for the best cyber liability insurance know how time-consuming it can be to compare carriers. ProWriters is dedicated to simplifying the process for agents and brokers, which is why we launched our Cyber IQ Comparative Rate Platform. Our innovative platform allows users to seamlessly obtain quotes from multiple carriers for instant comparison.
ProWriters also brings 20 years of experience to the industry and is continually adapting as cyber risks evolve. We draw on our deep expertise to make your job easier by supporting you through high-quality customer support.
While healthcare organizations face many industry-specific exposures, any organization that handles electronic data or relies on computer systems is at risk for a data breach. ProWriters’ downloadable eBook, Creating a Comprehensive Cyber Risk Management Plan, is a roadmap to cyber risk management for businesses and individuals across every industry. Download your copy for free today!
You can also speak with an expert at ProWriters to learn more about our cyber liability products for healthcare organizations.