With recent high-profile hospital cyber-attacks triggering yet another wave of articles about why you must buy more and better cyber insurance, the concept of prevention is getting less attention.
Prevention, unfortunately, does not have the same selling appeal as protection. Now, that may sound odd, considering that my professional success largely relies on helping hospital and physician group leaders make sound insurance decisions.
But, just as buying insurance is not the complete answer to combat cyber-attacks, simply selling insurance is not a comprehensive explanation of how my colleagues and I at HealthSure help our clients.
For every organization, preventing the circumstances that give rise to risk is your very best insurance.
Without the combination of prevention and protection, your prosperity is at risk.
Reason #1: Saving lives
In war zones, healthcare providers have always relied on the highly visible Red Cross to protect their facilities from combatant attacks. In the cyber war waged against hospitals and physician groups, however, greed has overpowered the universally respected sanctity of healthcare.
While there has yet to be a documented case where cybercrime has caused the death of a patient, experts say it is only a matter of time. When ransomware can lock caregivers out of patient health records, it is not hard to imagine such a scenario, and it is clear that prevention is absolutely essential.
Reason #2: Your reputation and patient peace of mind
The people you serve rely on your organization to deliver consistent healthy and life-saving services safely and securely. Their peace of mind is the best protection your reputation has. That means taking proactive steps to prevent cybercrime from compromising patient privacy, health, and safety is an essential part of managing a modern healthcare organization.
Reason #3: Accountability breeds better business practices
The most important thing you can do is to educate all employees on security measures needed to protect your organization.
Begin with education: The majority of cybercrimes begin when an employee clicks an email or file that should not have been opened, giving the hackers a foot in the door to your network.
Create a backup culture: Make backing up a habit for everyone and ensure backups are physically detached from your network. Criminals hold very little power when an up-to-date copy exists on an outside server.
Be strategic: Include cybercrime in your continuity of operations (COOP) or disaster recovery (DR) planning. Preparing for cyber-attacks just as you would for a natural disaster is the best way to prevent the costs of cyber risk, such as data recovery and replacing servers, from escalating.
Effective prevention contains three fundamental imperatives:
- Assess the value of your data and relative vulnerability in order to prioritize your insurance investment
- Create, implement, and monitor a policy for continuous IT and infrastructure upgrades
- Invest in staff to defend your data by educating existing employees and hiring new staff
A sound prevention strategy enables you to fully understand the type of protection needed to avoid the negative impact of a cyber threat.
Cyber insurance policies are anything but “one-size-fits-all”. This common misconception can lead to some serious surprises in your boardroom. A 2015 HealthSure survey found that 75% of our clients do not have customized cyber policies designed to protect their hospitals.
Location is another variable. Often state laws are more stringent than federal laws regarding how quickly patients must be notified in the event of a cyber breach. This means an attack could be a lot more costly, a cost that is not covered by most policies.
At HealthSure, we partner with carriers and other providers to help our clients prevent risks from happening. We offer specific protection solutions designed on a client-by-client basis. If any of the information in this article compels you to take action, we can help.
Contact me to find out how you can take all the appropriate prevention and protection steps to ensure your organization can prosper.
Agent On the Record is my personal opinion column. My goal is to provide you with useful, interesting and timely information that will help you succeed in the increasingly complex world of risk and insurance.
My views do not necessarily reflect the views of HealthSure, my employer.
I welcome your feedback, questions and ideas.
Eric Boudinet
This communication is designed to provide a summary of significant developments to our clients. Information presented is based on known provisions. Additional facts and information or future developments may affect the subjects addressed. It is intended to be informational and does not constitute legal advice regarding any specific situation. Plan sponsors should consult and rely on their attorneys for legal advice.