There is no doubt that cyberattacks are on the rise.
While there was a brief decrease in attacks in 2022, the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) noted a 22% increase in reported ransomware incidents from American victims in 2023. As if this wasn’t troubling enough, the IC3 also noted that reports of ransomware reflected a 74% increase in the cost of attacks compared to 2022.
Healthcare organizations are particularly tempting, lucrative targets for cybercriminals because of their dependency on internet-connected systems and the large amounts of sensitive, personally identifiable information and data they hold. Cyberattacks on the global healthcare industry nearly doubled from 2022 to 2023; but attacks on US healthcare institutions skyrocketed by 128%.
Helping clients understand the importance of cybersecurity
Selling Cyber Insurance to SMB healthcare providers does have its challenges. Many small-to-medium healthcare practices and clinics may simply not recognize their vulnerability to cyberattacks, or that the sensitive patient data they handle every day represents a very lucrative target for cybercriminals.
However, given the increasing frequency of cyberattacks, the financial and reputational cost to businesses, and the potential damage caused to patients, the need for solid cybersecurity in healthcare cannot be understated.
But if your clients do fall victim to a cyberattack, then the impacts of the attack could not just hurt them financially but also damage their reputation as a healthcare provider.
Healthcare organizations’ vulnerabilities
The fallout from cyberattacks on hospitals and medical facilities can be devastating, with organizations being forced to delay medical procedures, divert patients to other facilities, and reschedule appointments.
And unfortunately, the industry is particularly vulnerable to breaches due to several factors:
Internet-connected devices
An increasing number of healthcare and medical devices now need the internet to function – from medical imaging devices to digital thermometers. These Wi-Fi-enabled devices are extremely convenient and beneficial, but each one represents a potential vulnerable point in the network that cybercriminals can exploit.
Cybercriminals can hack devices that are connected to a network and use these as entry points to gain access to the system. This allows them to gain access to sensitive patient data and even the computer network itself.
Third parties
Many organizations in the healthcare sector rely on third parties for various services, from cloud storage to staff rostering, lab work to patient billing. Even if your clients’ cybersecurity measures are up to date, this doesn’t always mean that third-party providers are taking the same steps to protect client data and information.
In 2022, OneTouchPoint (OTP) became the victim of a massive data breach that affected 2.6 million people. The breach ultimately affected more than 30 clients in the healthcare sector such as Kaiser Permanente, Anthem, and Blue Cross. Victims of the breach had their names, addresses, dates of birth, medical records, health assessment results and more stolen. Because OTP was unable to safeguard this sensitive information, the breach put millions of people at risk of identity fraud and theft.
Human error
Many data breaches occur because of a lack of risk awareness. In fact, 91% of all cyberattacks begin with a simple phishing email. And as if that figure wasn’t daunting enough, data breach research by IBM states that phishing breaches have the longest lifecycles. On average, it takes 243 days to identify the cyber breach itself and then another 84 days to contain it.
However, there is a silver lining: 84% of US-based organizations believe that conducting regular cybersecurity education training has helped to increase cyber risk awareness and decrease simple human errors.
Adhering to HIPAA home health care guidelines
For home health care workers to remain compliant with HIPAA guidelines, they must ensure the confidentiality, integrity, and security of patients’ health information. This includes developing protocols for the secure handling, storage, and transmission of Protected Health Information (PHI).
Compliance with HIPAA involves such measures as employee training and utilizing HIPAA-compliant technologies such as encrypted communication and secure electronic health record systems.
However, if a breach does occur, then Cyber insurance may be able to help. Often bundled in packaged policies like Professional & General Liability (PGL), Cyber insurance can help to cover the costs associated with privacy breaches. Ensuring your healthcare clients have proper coverage can help to protect their finances and reputation in case of non-compliance or data breaches.
Professional & General Liability Package for home care workers
Cyber coverage is included in a Professional & General Liability Package that can help your healthcare clients address privacy breaches that could devastate their finances and reputation.
Protect your home care clients against cyberattacks and privacy breaches. BizInsure for Agents offers a Beazley PGL package that includes:
- Cyber Liability, plus 3 other essential coverages
- Coverage for over 100 occupations
- Limits of liability up to $1 million or $3 million
- Revenue limits up to $5 million.
With BizInsure for Agents, you can quote and bind instantly, with no need to contact the carrier, and experience full lifecycle management and support.
As with any insurance, coverage will be subject to the terms, conditions and exclusions contained in the policy wording. The information contained on this web page is general only and should not be relied upon as advice. The number of quotes provided varies between products, occupations and other underwriting factors determined by the insurers.
© Copyright 2024 BizInsure LLC, 2015 ALL RIGHTS RESERVED BizInsure LLC; CA DBA: Simple, Smart, BizInsure Insurance Agency LLC; NY DBA: BizInsure Services LLC; NH DBA: Simple, Smart, BizInsure Insurance Agency; PA DBA: BizInsure Services LLC. 2950 Buskirk Ave Suite 300, Walnut Creek CA 94597. License #0H81929