The healthcare industry has seen some dramatic changes over the last few years, moving from manual to computerised records, developing population health tools and enhancing security. This rate of change doesn’t look set to slow anytime soon. Cyber security currently tops the list of risks for many healthcare leaders.
A review of care homes alone by the Information Commissioner's Office (ICO) reported:
- Little formal training on cyber security and data protection
- Shared generic accounts to gain access to IT
- Weak passwords
- Encryption of personal data on portable devices often not implemented
- Little restriction of the use of portable media [1]
To protect against the risk of human error, carry out robust risk assessments, offer training and ensure you’re covered by a cyber liability for health and care policy, protecting you against cyber-crime and data breaches.
A cyber incident can lead to:
- Theft of money, data or goods
- Business interruption
- Reputational damage to your company or brand
Common examples of cyber-crime claims from QBE:
Computer held at ransom
A company director at a construction firm quite innocently clicks on a link in an email that he believes has come from one of his customers. To his horror, his computer and the company’s entire computer network are instantly locked with a message demanding a ransom payment of £2,000 in bitcoin to restore things back to normal.
Fraud offence
Just before the weekend an employee in the accounts department receives what appears to be a genuine email from one of their longstanding customers, to ask if a payment can be made that same day to ‘help them out of a cash-flow problem’. The email gives a bank account number and sort-code for the payment. Needless to say, the money has just gone to a scammer.
Reputational damage
Customers take to social media and the press to complain about their personal data being hacked. The company is lambasted on Twitter and Facebook for their ‘shoddy handling’ of the whole affair and resorts to hiring in a professional public relations crisis management company to restore confidence. [2]
Common examples of human error and data breach claims from Beazley:
Below, you can see a diagram showing Beazley’s cyber liability claims data for the care sector - loss or theft of paperwork or data left in an insecure location was one of the most commonly reported data breaches, followed by data emailed to an incorrect recipient. [3]
How a cyber liability policy can help:
- Taking action ‒ As soon as an incident is notified, a cyber policy reacts, covering your liabilities on media, data security, viruses and hacking
- Rectification ‒ Costs covered are further reaching than your initial liabilities. Customer notifications, credit monitoring and legal fees may also be included
- Repairing the damage ‒ In addition to hiring forensic specialists to identify root causes, PR consultants can also be paid to mitigate damage to your brand
Sources
1. Findings from the ICO advisory visits to residential care homes for adults and children
2. Beazley's Breach Response