On a number of occasions, we have written about the high-profile data breach cases that have made headline news – from Target and Home Depot to Anthem and Premera Blue Cross, among many others. However, it’s not only the newsmakers that are vulnerable to cyber attacks – any organization that stores its data digitally is a target in today’s world of cyber crime. Moreover, as larger companies increasingly invest in cyber security, hackers are shifting their focus to more vulnerable prey. In fact, according to the insurance publication Property/Casualty 360, about 62% of cyber attack victims are small to mid-sized businesses. Counted within this figure are healthcare organizations of all sizes, nursing homes among them, that have been targets of cyber attacks.
Examples of data breaches at nursing homes throughout the country run the gamut – from a laptop and flash drive stolen from a physician’s car, which compromised a South Dakota nursing home’s patients’ protected health information (PHI), to a security breach that occurred on the file-sharing site 4shared.com, which contained information on three New York nursing homes.
When breaches do occur at nursing homes and other healthcare facilities, the costs involved can be significant. Monetary losses can include the repair fees for compromised networks and data systems, forensic costs, notification costs, credit monitoring fees and punitive damages. A patient could have strong legal grounds for a lawsuit if the facility is deemed negligent in exercising its duty of care to safeguard the patient’s PHI records. Healthcare facilities can also be subject to federal fines and state penalties. On the federal level, the Office for Civil Rights (OCR) can impose fines of as much as $1.5 million per violation. State laws, while varying, can also be stringent, including imposing penalties per patient up to a certain amount and fines for late breach notifications.
The challenge is that many nursing homes and other senior living facilities don’t have a plan in place to protect themselves or their patients/residents against cyber attacks. This is partly because the criminals electronically stealing health records do so largely undetected and miles away from the location of the data. In fact, an attack can go unnoticed for months or years – until the data is actually used and the owner of the data has suffered harm.
Not only do nursing homes need a strong cyber risk management program in place, but they also should be carrying Cyber Liability insurance. A good Cyber insurance policy begins with third-party and first-party coverage for the loss of or damage to digital data. Coverage should include the cost of digital forensics and mandated notifications to victims as well as the cost for crisis management and any related fines and penalties.
Caitlin Morgan specializes in providing insurance programs for nursing homes and other senior living and healthcare facilities. Our programs can be designed to include a Cyber Liability insurance component to protect these organizations from this emerging risk. For more information about our Cyber insurance solutions, give us a call at 877.226.1027.