What physicians need to know about cyber liability insurance

Cyber insurance covers losses and damages resulting from patient data being stolen, exposed, held for ransom, or improperly shared. It covers deliberate actions, such as hacking or ransomware, as well as accidents, such as the loss of a laptop containing unencrypted patient information or a coding error that accidentally exposes patient data.

A comprehensive policy covers paper records, as well, as so much information is still stored in physical files.

Cyber insurance helps providers deal with the consequences of a data breach, which can range from relatively minor to catastrophic, and it covers almost any loss or expense that can be attributed to the breach. Examples include:

Paying regulatory fines and penalties.

Compensating for loss of income
from downtime or patients who leave
the practice.

Hiring information technology (IT)
experts to find and fix the breach.

Hiring a call center to handle inquiries
from patients.

Hiring a public relations firm to deal
with unwelcome publicity.

Hiring attorneys to represent the practice
in any lawsuits filed by patients (as well as any damages awarded).

Paying a ransom to free hijacked data.

Coverage typically applies only to the data and not the computer hardware a practice uses, such as laptops, smartphones, tablets or servers, which often are covered under a general business insurance policy.

A complete policy includes first-party and third-party coverage, says Marcin Weryk, head of business development for Coalition, a cyber insurance firm. First-party coverage pays for damages suffered by the policyholder, such as lost revenue, business interruption, IT forensics and data restoration. Third-party coverage compensates for damages caused to others by the data breach, such as the legal costs incurred from lawsuits filed by affected patients.

Practices that haven’t bought cyber insurance often have some coverage through their malpractice or general business policies, but it’s usually limited to approximately $30,000 in damages and contains exemptions, says Brandon Clarke, co-founder of Affenix, a brokerage specializing in cyber liability insurance.

Before deciding whether to purchase additional cyber insurance, physicians should know what coverage they…