A cyber insurance policy, or cyber liability insurance, covers incidental damages from a cybersecurity attack or data breach.
Coverage may include damages and costs related to HIPAA-related fines, replacement of damaged IT infrastructure, theft/destruction, ransom, filing lawsuits, etc. It helps to cover breaches and threats regarding HIPAA and protected health information (PHI).
SEE ALSO: What is a HIPAA Violation?
Why healthcare organizations need cyber insurance
Healthcare is the most vulnerable business sector. With COVID and the increase of remote workers, network security is even more critical than usual. Cyberthreats are more prominent as cybercriminals take advantage of transitions and uncertainty about how to handle new COVID-19 related protocols.
SEE ALSO: Cybersecurity Risk Management: How Companies Are Responding to COVID-19 and Remote Work
Cyber insurance policies help protect medical and healthcare organizations from legal, financial, and reputational blows at the hands of cybercriminals. For example, a data breach involving PHI can lead to lawsuits from governing agencies and patients, a loss of trust, and ultimately, a loss of business.
What to look for
Like all insurance policies, coverage varies widely among firms. Since cyber liability insurance is relatively new, there is no standard or expectation of coverage, making it harder to make the right choice.
However, we have gathered some key inclusions that a cyber insurance policy should offer.
Activity/network monitoring
Breach notifications
Network security
Business interruption costs
Legal fees
Typically, most cyber insurance policies are tailored to the organization’s specific circumstances. This is a good thing, but it also means that the buyer must do their due diligence to assess which elements are right for them.
Insurance carriers should always be transparent about efficacy and relevant offerings. Always assess your organization’s needs and vulnerabilities when shopping for an appropriate policy.
First-party vs. third-party coverage
There are typically two separate categories for cyber insurance policies: first-party and third-party coverage.
First-party coverage relates to damages from the attack or event itself. First-party coverage can include direct costs from spear phishing attacks, ransomware, and other cyberattacks or breaches.
SEE ALSO: The Costs of Ransomware Attacks
Third-party coverage typically relates to the aftermath of an attack. Any damages resulting from the initial attack, such as claims made by outside parties, fall into this category. This includes HIPAA violation claims from Health and Human Services, fines from credit regulatory agencies, patient lawsuits, etc.
It is important to note that first-party and third-party coverage include different features and often are separate policies. Consult with your underwriter to ensure adequate coverage.
Prevention is the best step
Investing in cyber insurance is a good, and even necessary, measure for protecting your organization. With the prevalence and frequency of attacks in the healthcare sector, no protection is too much.
SEE ALSO: Universal Health Services Is the Target of One of the Largest Medical Cyberattacks in History
Proactive measures, however, are the preferred method. Rather than having to react and invoke costly cyber insurance, you can do yourself a huge favor by following some guidelines to protect against an attack in the first place.
According to Chubb, there are some actions you can take to help protect yourself from a threat:
Even when taking these precautions, it is important to realize that there is never guaranteed protection from cyberthreats. These steps are critical measures to reduce your risk significantly.
How Paubox can help
Fortunately, Paubox Email Suite Plus is a HIPAA compliant email solution that blocks phishing emails with inbound and outbound email security. Our solutions are HIPAA compliant by default, so you always protect your organization and patient data with zero-step encryption.
Paubox Email Suite Plus also comes with ExecProtect, which protects against tricky display name spoofing by stopping the attack before it hits your inbox.