Key Reasons to Consider Buying Cyber Insurance

Michael J. Sacopulos, JD


April 30, 2015


Hackers Are After Your Data

Technology, specifically computer software, has been an overall boon to medical practices, making everything from recording a patient's history to billing insurance companies and coordinating care with other physicians faster and easier. But as recent news stories remind us, the number of serious data breaches is rising, with hackers finding their way into the private files of corporations and governments.

But it's not just the "big fish" who are vulnerable to data intrusions: Your practice could be at risk, too.

Take what happened to a New England radiology practice not long ago. Their network was hacked, and more than 230,000 patient records could potentially have been accessed. The costs required to deal with the breach included attorneys, a data forensics team, and patient notification and credit monitoring. Luckily, none of the patients' personal information was determined to have been stolen, but the tab to clean up the mess from the hacking alone exceeded $800,000.

The radiology practice had no insurance coverage for this event. Sadly, this practice isn't unique in this regard.

A Growing and Expensive Problem

The number of US data breaches tracked in 2014 hit a record high, according to a January 2015 report from the Identity Theft Resource Center (ITRC).[1] The industry with the most breaches? "Medical/healthcare." The ITRC found hacking to be the leading cause of data breach incidents in both 2013 and 2014. In fact, the problem grew serious enough that the FBI issued a "private industry notification" in April 2014, warning healthcare providers of the very real and growing risk of being hacked. The New England radiologists seem to be in good company.

Make no mistake: Data breaches are very expensive. The Ponemon Institute's 2013 Cost of Data Breach study[2] found that each compromised record cost an average of $188 to remediate. Part of this expense relates to legal notices that must be issued to patients whose records have been breached. Although this may sound straightforward, it isn't. The feds have their own notice requirements, as do 47 of 50 states. Just trying to sort out the wording and timing of notification can be a legal nightmare.

Then comes credit monitoring for patients affected by the breach. Those patients will have questions, which may require a hotline. Many times, IT experts are needed to determine the extent of the breach and repair damage to the system. As one poor soul put it, "The expenses don't stop. I'm being bled dry."

