Cyberinsurance Now a Necessity, But Choose Coverage Wisely, Healthcare Risk Management, ft. Avery Dial
Avery A. Dial, partner at Kaufman Dolowich & Voluck in the Florida office, was quoted in a Healthcare Risk Management article on Cyberinsurance.
Insurance to cover cyberattacks leading to data breaches, ransom, and interference with medical care is becoming more popular with hospitals and health systems, almost becoming as much a necessity as malpractice coverage and general liability insurance. Choosing the right coverage requires understanding the available options and the needs within your own organization.
The risk of a data breach and the potentially huge costs were highlighted in the recent $115 million settlement resolving a 2015 data breach at insurer Anthem. The breach exposed the records of 78 million members.
Cyberinsurance is necessary in the eyes of Avery Dial, JD, partner with the law firm of Kaufman Dolowich & Voluck in Fort Lauderdale, FL.
“In this era, you definitely need cyberinsurance,” Dial says. “Furthermore, data theft and loss are not the only concerns. Data-destroying malware and ransomware is also a major concern.”
These threats give rise to first- and third-party risks, Dial explains. For instance, a hospital may make a first-party claim when it must pay for restoration of data destroyed by malware. That same event may also cause harm to third parties who may sue the hospital for damages caused by the destruction of the data, he says.
“Cyberpolicies may cover both first- and third-party risks specific to cyberthreats. While many people have tried to stitch together coverage for cyberevents via commercial general liability policies or property insurance policies, businesses should not rely on traditional insurance policies to cover cyberevents,” Dial says. “The cost is worthwhile because it is necessary. It is almost inevitable that you, as a business, will experience a cyberevent — and the consequences can be quite costly.”
Like all insurance, your premium will be determined by your risk profile, Dial notes. There is no one insurance product that will fit all healthcare organizations, he says. With the help of an IT professional, the hospital should identify the particular risks to which it is most susceptible and insure against those risks, he says.
Healthcare organizations will be presented with multiple coverage options — coverage for breach notification, data restoration, extortion, and business interruption, and third-party coverage for data breach and privacy liability. Policies also may cover regulatory and government investigations and coverage for fines assessed by credit card companies in the event of a breach, Dial explains.