Typical medical professional liability policies include from $25,000 to $50,000 in limits for cyber-related exposures, including response to a data breach.
According to the Ponemon Institute’s 2015 Cost of Data Breach Study: Global Analysis, healthcare had the highest average cost per stolen record at $363 compared to an average $154 for other sectors.
Under a worst-case scenario, if your practice suffered a complete breach of all patient records, the cost of responding to that breach including patient notification credit monitoring could exceed the policy limit (assuming $50,000) at around patient record number 138.
Takeaway: If your practice stores more than 138 patient files and has not opted to buy up higher cyber liability limits on your medical professional liability policy, you are likely self-insuring some portion of this exposure whether you realize it or not.