The recent news that New York health insurer Excellus BlueCross BlueShield and its affiliates were hit with a data breach, in which hackers may have accessed the personal information of 10.5 million customers, again underscores the vulnerability of the healthcare industry to cyber attacks. According to the latest Breach Level Index from digital security vendor Gemalto, the healthcare industry accounted for 21.1% of data breaches in the first half of 2015. This represents the highest percentage of any industry.
Of the 888 data breaches tracked worldwide in the first six months of this year, healthcare accounted for 187 breaches. Although this number is down from last year, healthcare takes the top spot when it comes to the number of records breached by industry with 84.4 million records, or 34% of the total. According to Health Data Management, this represents a dramatic shift from the past few years when healthcare had relatively small numbers of records involved in data breaches.
The largest breach in the first half of 2015 was the attack on Anthem Insurance, which exposed 78.8 million records, representing almost a third of the total data records compromised.
“What we’re continuing to see is a large return on investment for hackers with sophisticated attacks that expose massive amounts of data records,” says Jason Hart, vice president and chief technology officer for data protection at Gemalto. The challenge is that cyber criminals are still getting away with big and very valuable data sets. For instance, the average healthcare data breach in the first half of 2015, according to Gemalto, netted more than 450,000 data records, which is an increase of 200% compared to the same time last year.
Cyber security is critical for organizations to mitigate the overall cost and adverse consequences that result from a data breach. This involves taking certain measures such as controlling access and authentication of users; encrypting all sensitive data at rest and in motion; and securely storing and managing all encryption keys. Implementing each of these three steps in one’s IT infrastructure can assist companies in effectively preparing for a breach and help them avoid falling victim to one.
Having a sound Cyber Liability insurance program is also critical for all healthcare organizations, regardless of size, location or specialty. A Cyber Liability policy, when properly designed, can provide coverage for, among other things:
- Privacy notification expenses, including health care records monitoring.
- Forensics to determine the cause of breach.
- Costs associated with restoring IT systems and equipment to their pre-breach status.
- Crisis management public relations costs.
- Business interruption – lost income from a computer attack.
- Defense costs and damages arising as a result of breach of confidence or infringement of any right to privacy.
- Regulatory defense costs and fines and penalties.
Caitlin Morgan specializes in Cyber Liability insurance for healthcare organizations and can assist you in securing a policy that best suits your insured’s risk profile. Give our specialists a call at 877.226.1027 to find out about our programs.