Cyber breaches in the health care industry come from both internal and external threats with miscellaneous errors, crime ware and privilege misuse representing 63% of all incidents, according to findings from Verizon’s 2018 Data Breach Investigations Report (DBIR). The data compromised from these breaches include medical information (79%), personal information (37%) and payment information (4%).
Employee errors, according to the Verizon report, include failing to shred confidential information, sending an email to the wrong person or misconfiguring web servers. While none of these are deliberately ill-intentioned, they could all still prove costly. Employees are also continuing to fall for phishing campaigns. The good news, says the report, is that 78% of people don’t click on a single phishing campaign all year. But, on average, 4% of the targets in any given phishing campaign will click it. Moreover, the more phishing emails someone has clicked, the more likely they are to do so again.
The report also highlights the extent of ransomware in the industry, accounting for 85% of all malware in health care. In addition, this form of malware has started to impact business critical systems (i.e., encrypting a file server or database) rather than just a single device such as desktop, leading to bigger ransom demands and making the life of a cybercriminal more profitable with less work.
To help prevent breaches, strong defense is required in the form of cyber security. This means an organization must remain vigilant; make employees the first line of defense by having them understand the damage a breach can have on a provider’s reputation and bottom line; keep anti-virus software up to date; encrypt sensitive data; use two-factor authentication, notify patients of a breach; and pinpoint how a breach occurred to remedy vulnerabilities; among other measures.
Integral to cyber security for health care providers is also having a strong Cyber insurance plan in place. A comprehensive, 360-degree Cyber insurance program doesn’t only provide coverages to respond to the fallout from a breach but also includes access to pre-breach and risk management services and, in the event of a cyber breach, the ability for an insured to work with an in-house breach response team and claims team to resolve the incident. Manchester Specialty Programs provides both the Cyber coverage and risk management services to home health care providers with our carrier partners.
Several of the coverage features in the Cyber product we offer for home health care providers include:
- First-party coverage for cyber extortion
- Data recovery costs
- Business interruption resulting from security breaches and system failures
- Contingent business interruption from incidents occurring at the policyholder’s vendors and suppliers
- eCrime coverage
Home health care providers through our partners will also have access to a risk management portal to tap into resources for incident response planning, employee training, compliance and security best practices. Newsletters and live expert webinars are available to provide information about the latest threats, preventive steps and regulatory developments. Organizations will have access to a cyber security company at negotiated rates for a host of pre-breach services as well, such as onboarding calls, incident response plan reviews and on-site workshops to improve the robustness of their cyber security.
Manchester Specialty Programs is committed to helping organizations in the home health care and hospice industry mitigate their risk to cyber threats and provide insurance solutions to respond in the event of breach. For more information about our Cyber insurance solutions and how you can assist your clients, please contact us at 855.972.9399.