Sony, Target and Your Medical Practice
What do Sony, Target and your medical practice have in common? Much more than you may think!
Last December we all watched as Target announced that they had fallen victim to a cyber-attack and a vast amount of financial and personal data from customers was stolen. To date, Target has been fighting various lawsuits, including a recent verdict in which financial institutions that spent money protecting their customers after the Target hack are now able to sue Target to recoup their expenses. Flash forward to this December – you can’t read the news without hearing about the recent hack on Sony in which personal information from employees, including emails, was stolen. Employees have already filed two class-action lawsuits against Sony. Cyber-hacks of this magnitude are becoming almost-weekly events, but they are still so new that legal precedent is being set with each new cyber-breach lawsuit, and it is very difficult to predict where this will take us.
What does this have to do with your medical practice? Hackers have now realized that many medical practices have not fully protected their data. You store private information about both your patients and employees. Patient information, specifically, is very valuable on the black market because your data includes so much personal information. Healthcare credentials are worth about $20 each, compared to credit-card information that is only worth about $1 – $2 each. Healthcare is the most-attacked industry in our country right now, accounting for 51% of breaches. You may not hear about it as much since it’s not as juicy as North Korea releasing George Clooney’s alias and emails about Angelina Jolie, but it is prevalent and you and your practice are at real risk.
There are two main causes of data breaches in the healthcare industry – technology and human error. Technology includes malware, viruses, cyber-attacks and all the high-tech stuff. Human error includes rogue employees; information mishandled by vendors; lost or stolen laptops, tablets or cell phones (remember AvMed?); unauthorized access; or even inadvertent private-information release from you or an employee. Examples include improper disposal of patient information or a fax sent to the wrong number. I want to go back to AvMed for a moment and just mention that they have recently set aside $3 million to cover the costs of a patient data breach caused by stolen laptops containing unencrypted data.
Cyber-liability claims are expensive for a number of reasons. There is the cost of determining what happened and then the mitigating action you must undertake, which includes expensive, fancy specialists, mailing notices to patients and credit monitoring. This can add up quickly – and this is all before paying for any lawsuits, attorney fees and fines that may be imposed.
The bottom line is you need to protect yourself. Some in the industry say it is not a matter of if a cyber-breach will happen, but when. Many professional-liability policies include minimal limits for cyber-issues, but based on the trends in the cost to practices for cyber-breaches, these limits may well not be sufficient when you need them. Contact us at Danna-Gracey to find out about stand-alone cyber-liability policies and resources to help you protect yourself from having a data breach. With comprehensive insurance coverage in place should you have a breach, you will have experts to turn to and you and your practice will not be as financially vulnerable.