Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions

Cyber Liability: Common Causes of Healthcare Data Breaches


Cyber Liability Common Causes of Healthcare Data BreachesResearch from Verizon Enterprise Solutions shows that almost 75% of healthcare data breaches can be linked to three common security problems: improper or criminal accessing of credentials to information systems; losses of or thefts of laptops; and unintentional errors, such as sending sensitive information to the wrong person. Managing these issues can significantly impact a healthcare organization’s overall security performance.

How big is the problem? According to the Ponemon Institute’s Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data, nearly 90% of healthcare organizations have experienced data breaches, and for the second year criminal attacks are the leading cause of breaches in healthcare. In fact, 50% of data breaches in healthcare in 2016 have been caused by criminal attacks.

Unfortunately, the findings by both Verizon and Ponemon indicate that although there is an increase in awareness among healthcare providers regarding the high risk of data breaches, many organizations and their third-party business associates are still negligent in the handling of sensitive patient information and lack the budget, people and expertise to manage data breaches caused by employee negligence and evolving cyber threats.

“In the last six years of conducting this study, it’s clear that efforts to safeguard patient data are not improving – more healthcare organizations are experiencing data breaches now than six years ago,” said Larry Ponemon, chairman and founder of the Ponemon Institute.

“Negligence – sloppy employee mistakes and unsecured devices – was a noted problem in the first years of this research and it continues,” he said. “New cyber threats, such as ransomware, are exacerbating the problem.”

What should healthcare organizations be doing to mitigate the risk of a breach? Strengthening controls with encryption is important but many unfortunately fear not being able to immediately access important patient information during an emergency, according to Verizon. “Physicians are not willing to jump through another hoop and enter another password,” says Suzanne Widup, senior analyst for health care cyber security at Verizon.

There are also times when encryption could and should easily be deployed and is not. For example, researchers’ laptops, which are often left in their cars or in their homes, are not encrypted and should be.

Another blind spot in protecting patient data is getting full C-level acceptance and understanding of the necessity to implement a program to increase security. When leaders are asked if they know where their data is, they say yes, but as the discussion continues, it becomes clear they don’t, and “what feels very secure turns into a challenge”, says Verizon. Yet there is some movement among leaders on security and being more proactive especially when they realize the impact a breach has on an organization’s reputation.

Having the proper Privacy & Network Security Liability/Cyber Liability insurance program designed for healthcare providers, including medical practices, is critical in ensuring that if a breach occurs many of the costs involved will be covered. Data breach-related expenses involve forensics to determine how the compromise occurred and its extent, notification costs, identity protection solutions, public relations, business interruption, potential fines and penalties, and third-party liability, among others.

Axis Insurance Services specializes in Cyber Liability and provides healthcare and medical organizations with coverage designed to address your needs. For more information about our products, contact us at (877) 787-5258.

 

Comments

comments

Blogged on: August 8, 2016 by Mike Smith
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions