
Healthcare Facilities, Organizations Prime Targets of Cyber Crimes

In March, hospital chain MedStar became the latest victim of a cyber attack in the health care sector, as hackers infiltrated its systems with a virus that crippled its IT infrastructure. MedStar operates 10 hospitals in the D.C./Baltimore region, and serviced more than 4.5 million patient visits in 2015, according to Fortune magazine. After the cyber attack, the hospital’s entire IT system was forced to shut down and revert to paper records. Moreover, the chain’s approximately 35,000 employees were not able to access emails or look up digital patient records in the attack’s wake.

The MedStar attack came on the heels of another attack at a Los Angeles hospital, where hackers were paid $17,000 so the hospital could regain control of its computer system, and more than a year after cyber criminals broke into a database containing the records of nearly 80 million people maintained by the health insurer Anthem. The MedStar attack is a renewed reminder of the vulnerability of patient health records in systems at medical facilities throughout the country.

As we discussed in prior articles, there are several reasons why medical facilities are so vulnerable to data breaches. First, the information healthcare organizations protect is more valuable on the black market than a credit card number stored by a retailer. In addition, healthcare cyber security lags behind measures taken in other sectors such as banking.

In the case of the Anthem breach, for example, a lawsuit filed against the health insurer contends that it allowed wide employee access to its database and didn’t train workers how to handle “phishing” emails, which can bait a recipient into revealing a password. Investigators have said they think hackers may have used a phishing scheme to compromise the credentials of several workers. A partially redacted complaint filed in the litigation also said the company failed to employ common defenses like encryption, which can scramble data and make it useless. The lawsuit also states that Anthem only required a single password for those who wanted to get into its database from a remote location. Experts say two-factor authentication is the more common practice, which basically involves an employee entering a user name and password and then a separate password or identification number that can change. “Stealing this much data takes time, and there were numerous steps along the way when any company following standard IT security practices would have foiled the hackers,” the complaint states. (Note: An Anthem spokesperson stated the details in the federal lawsuit were merely allegations, and the company could not comment on pending litigation.)

The implementation of strong cyber security practices is critical in helping to mitigate the potential for a data breach. But no level of security is foolproof against the determination of today’s sophisticated hackers. Having a robust Cyber Liability/Privacy & Network Security program in place for medical facilities is essential. Just as no physician would go without Medical Malpractice coverage, no healthcare provider should be without Cyber insurance. In fact, just recently, the Brookings Institution called for the health care industry to “embrace Cyber insurance”, saying it [insurance] “can fundamentally improve how patient privacy is viewed and managed” in the sector.

Axis Insurance Services provides the healthcare sector with Cyber Liability insurance to respond in the event of a security breach. Policies can be designed to provide first-party coverage to indemnify a healthcare facility for its response costs as a result of a breach, including legal fees, notification, credit monitoring, and IT forensics. Coverage may be tailored to include reputational damage as well – this involves the costs expended to protect the company’s image and regain patients’ trust and confidence. Additionally, there is a regulatory component of the policy that pays for legal defense, fines and penalties as a result of a breach. Also included is third-party coverage to pay for damages to an individual claiming financial (and emotional) harm as a result of an organization’s data breach. For more information about our Cyber solutions, contact us at: (877) 787-5258.

 


Blogged on: May 9, 2016 by Mike Smith