In the ever-evolving world of healthcare, cyber threats have become one of the most pressing risks to organizations that handle sensitive patient data. As healthcare continues to rely more heavily on digital systems, the risk of breaches, hacks, and fraud skyrockets. Yet many healthcare administrators are under the impression that all cyber liability policies are the same. They also have a hard time understanding the complex language used in these policies, so they’re unsure whether they have the right coverage.
From the differences between coverage types to the often-overlooked contingent business income protection, understanding cyber liability is no longer an option but a necessity for every healthcare organization.
Why Cyber Liability is Crucial for Healthcare
Healthcare organizations are prime targets for cyberattacks because of the sensitive data they handle, including medical records, billing information, and personal patient details. These attacks can lead to significant business disruption and financial loss.
- Medical records and sensitive data are highly valuable to cybercriminals.
- Cyberattacks on healthcare organizations are among the most common and costly in any industry.
- The financial impact can be severe, including revenue loss, patient notification costs, forensic investigations, and ransomware payouts.
Key Cyber Liability Coverage for Healthcare Organizations
Not all cyber liability policies are created equal. It’s crucial to understand some of the most important types of coverage your healthcare organization may need.
1. Social Engineering Fraud
One of the fastest-growing cyber threats is social engineering fraud, in which cybercriminals manipulate employees into voluntarily transferring funds. For example, an employee might receive a convincing email from someone posing as the CEO, CFO, or a vendor, requesting an urgent wire transfer. These emails often appear legitimate, especially in fast-paced healthcare environments where quick decisions are common.
Why it matters:
- It’s the second most common cyber claim filed by healthcare organizations.
- Coverage limits have been significantly reduced in recent years, making it harder to secure adequate protection.
- Many carriers now require a two-step verification process to approve funds transfer claims.
2. Pay on Behalf of vs. Reimbursement Policies
Another critical aspect of cyber liability is whether your policy operates on a “Pay on Behalf of” or “Reimbursement” basis. The distinction can have a major impact on your ability to manage financial fallout from a breach.
- Pay on Behalf of Policy: The insurance carrier pays covered costs directly. This option is generally preferred as it avoids out-of-pocket expenses for the insured.
- Reimbursement Policy: The policyholder covers all costs upfront and is later reimbursed. This can place a significant financial burden on healthcare organizations dealing with immediate expenses like ransomware payments, forensic investigations, and patient notification costs.
3. Contingent Business Income Coverage
Healthcare organizations often rely on third-party vendors for critical operations, such as Electronic Medical Records (EMR) systems or billing platforms. If one of these vendors is hacked, it can halt operations, leading to lost revenue. This is where contingent business income coverage comes in—it covers your lost revenue if a third-party vendor’s systems are compromised.
Real-Life Example: A healthcare practice experienced this firsthand when their clearing house, Change Healthcare, was hacked. The attack shut down payment processing for weeks, severely impacting their cash flow. Fortunately, their contingent business income coverage replaced their lost revenue, allowing them to continue operating and paying staff.
Why You Should Act Now
Cyber liability policies are often complex, with coverage varying significantly depending on the carrier and agent you work with. Many policies don’t automatically include important coverages like social engineering fraud or contingent business income, which leaves your organization vulnerable.
Here’s what you need to consider:
- Does your policy include social engineering fraud coverage?
- Are you protected with a Pay on Behalf of policy, or are you at risk with a reimbursement policy?
- Does your cyber liability insurance cover contingent business income if a vendor your organization depends on experiences a breach?
Understanding these distinctions is key to ensuring your healthcare organization is fully protected from today’s increasingly sophisticated cyber threats.
Key Takeaways
- Healthcare is a prime target for cyberattacks. The need for comprehensive cyber liability coverage is critical.
- Not all policies are the same. The right coverage can make the difference between being fully protected and facing significant financial strain.
- Social engineering fraud coverage is essential, but many policies are reducing limits and requiring additional verification procedures.
- Pay on Behalf of policies offer better protection because the carrier pays covered costs directly, avoiding out-of-pocket expenses for the insured.
- Contingent business income coverage can safeguard your organization if a third-party vendor’s systems are compromised.
Take Control of Your Cyber Protection
The complexities of cyber liability insurance should not leave your healthcare organization exposed. It’s crucial to be proactive, review your current policies, and ensure that all the necessary coverages are in place to protect your business, patients, and reputation.
Unsure if your healthcare organization’s cyber liability policy offers the protection you need? Contact me today for a complimentary review. Let’s ensure you’re covered with the right policies to protect against the growing risk of cyberattacks. Be prepared, be informed, and safeguard your healthcare organization now.
About the author
Drew Colwell is a commercial insurance agent and risk manager who specializes in working with nonprofit organizations, healthcare providers, and other human-service-related businesses all over the US. His contact information is below.
Phone: 406-204-3666
Email: andrewc@wafdinsurance.com
LinkedIn: https://www.linkedin.com/in/drewcolwell/