With several large health plans announcing significant breaches in 2015, the need for Cyber coverage has never been more critical to the financial and operational health of a Managed Care Organization. These breaches have brought the need for the insurance, as well as the need for operational controls and procedures to the forefront, and garnered significant attention from the Board of Directors. Compliance with Federal regulations including the PPACA, HIPAA and Hitech, as well as State Laws regarding notification and other legal requirements, come under immediate scrutiny following a breach of any size. A breach also leads to questions regarding the organizations commitment to its insureds, members, and clients. Investigations by Federal and State regulators and the resulting press can be devastating to an unprepared organization.
The 2016 Benchmark Study on Privacy and Security of Healthcare Data conducted by the Ponemon Institute, found that despite the universal risk of a data breach, many organizations lack the funds and resources to protect patient data and are unprepared to meet the changing cyber threat environment. It also showed that data breaches in the healthcare industry are increasingly costly and frequent, continuing to put patient data at risk. Over the prior two years, the average cost of a breach to the study participants was $2.2 million. For the second year in a row, criminal attacks were the number one cause of a data breach. Phishing and web-borne malware, ransomware and denial of service attacks are among the most common of these security threats. Lost or stolen mobile and computing devices remain the number one exposure to loss.
The Ponemon Institute 2017 Cost of Data Breach Study: Global Analysis, found that the average cost of a breach to the study participants was $7.35 million up from $3.79 million in 2015. It also showed that the average global cost of a data breach per lost or stolen record was $141, however health care organizations had a much higher average cost of $380 per record. The 2016/Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, sponsored by ID Experts, showed that, for the second year in a row, criminal attacks are the number one root cause of data breaches. The 2016 study reported that 89% of healthcare organizations and 61% of business associates had experienced a data breach within the past five years..
So what can an organization do to protect themselves in today's environment? First and foremost, develop the appropriate organizational and financial commitment to maintaining a secure and robust organizational solution to protect the entire organization's data. Second, have risk management plan in place to address a data breach event, and third, purchase insurance that provides liability protection and access to a Breach coach along with other resources to help you develop your organizational plan. Finally, have a written implementation plan ready to go in the event of an actual breach event.
Travelers CyberRisk® policy is available to all types of Managed Care Organizations within the Chatham Insurance Services program. Travelers' cyber coverage solutions are specifically designed to help in the event of a cyber breach and provide options that include coverage for forensic investigations and litigation expenses associated with the breach. Additional options are available for regulatory defense expenses and related fines, crisis management or public relations expenses, business interruption, and cyber extortion.
The policy includes access to Travelers eRisk Hub®, a specialized web portal powered by NetDiligence®. This risk management portal provides access to tools that will help prevent and respond to cyber events. It automatically includes tools to build privacy controls, as well as information and IT security programs, white papers, articles, webinars, calculators, regulatory and legal updates. Travelers eRisk Hub® provides access to Travelers Breach Coach service that provides a 30 minute consultation with an attorney to receive immediate triage assistance after a breach.
We can also provide Excess coverage with the Travelers Excess Liability policy. See Excess Page for more information.
"Nothing stated herein affects the terms, condition and coverages of any insurance policy or bond issued by any of the referenced insurers, nor does it imply that coverage does or does not exist for any particular claim or type of claim under any such policy or bond. Availability of coverage referenced in this document can depend on underwriting qualifications and state regulations."
Coverage underwritten by Travelers Casualty and Surety Company of America and its property casualty affiliates, Hartford, CT 06183