Tech & Innovation in Healthcare

Question: I keep reading in the news about the financial penalties and overall costs that healthcare organizations can accrue from a data breach or a cyberattack.

Are there insurance plans to help protect organizations from the costs associated with cyberattacks?

Kentucky Subscriber

Answer: Yes, cybersecurity insurance (or cyber insurance) helps organizations protect themselves against possible financial losses caused by a cyberattack. Cyber insurance is designed to help protect your organization from any operational, security, privacy, or service risks because of malicious threat actors.

Healthcare organizations continue to be one of the prime targets for threat actors because of the massive amount of data the threat actors can collect, sell, or use elsewhere for other attacks. According to the 2022 IBM Data Breach Report, the average total cost of a data breach in healthcare is $10.1 million — “the highest average data breach cost of any industry.” A cyber insurance policy could cover the costs associated with detection and escalation, issuing notifications, responding to the breach, and any lost business.

According to the Federal Trade Commission, you should ensure a cyber insurance policy includes coverage for the following:

• Cyberattacks, such as breaches to your network
• Cyberattacks that occur anywhere in the world
• Cyberattacks on your data held by a third party
• Data breaches
• Acts of terrorism

Additionally, cyber insurance should work in tandem with your existing cybersecurity risk management strategy. The insurance should help your organization only if an attack happens, rather than acting as your defense plan. Ideally, the policy would complement the organization’s cybersecurity policies, processes, and technologies.