Does Your Small Business Need Data Breach Insurance?

  • April 23, 2018
  • Cooperative of American Physicians

The impact of a cyber attack on a small business can be devastating. Healthcare providers – regardless of size – are particularly vulnerable because of the types of data you store.  In fact, the street value on the Dark Web for Personally Identifiable Information (PII) and Protected Health Information (PHI) is 10 to 20 times higher than financial data. (The Dark Web area of the World Wide Web is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable.)

Because of the growing number of data breach claims CAP Physicians Insurance Agency (CAP Agency) receives, we strongly recommend increasing your cyber risk insurance beyond the $50,000 CyberRisk liability policy you automatically receive as part of your CAP membership.

On-Demand Webinar: Key Strategies for Ensuring a Profitable Independent Practice
During this one-hour program, practice management expert Debra Phairas discusses how various business models and operational enhancements can increase revenue to help your practice remain successful in today’s competitive marketplace.
Watch Now

The following scenario illustrates how adequate cyber risk coverage can significantly protect a healthcare provider:

A clinic received notice from an IT Security company that the PHI of 88 patients was found on the dark web. Shortly afterward, the clinic received an anonymous email from a hacker calling himself “The Dark Overlord” claiming to be in possession of all the clinic’s information and records. Because the clinic had sufficient cyber risk protection, here is what insurance covered:

IT Forensic Consultants – Determined that the PHI was likely accessed by a hacker gaining access to an employee username and password. Cost: $82,175

Breach Coach Counsel – Determined there was a high probability that all records were in fact obtained by “The Dark Overlord,” requiring notification to all 544,000 patients. Cost: $66,909

Public Relations Firm – Assisted the clinic in developing a crisis management plan to mitigate reputational harm resulting from the incident. Cost: $83,516

Notification Expenses and Credit Monitoring – Notified and offered free credit monitoring to 544,000 patients. Cost: $817,400

Total expenses covered by cyber risk insurance: $1,050,000!

CAP Agency offers a $1 million higher limit policy with 50,000 notifications outside the policy limit. For as little as $750 a year per single physician, you can supplement your value-added CyberRisk liability policy for added peace of mind. Call us today at 800-819-0061 to make sure your practice is fully protected!