Healthcare is at a much greater risk for a cyberattack because patient health information (PHI) is static; therefore, it can take longer to notice a breach (Eddy, 2022). In some instances, identifying and containing a breach can take as much as 11 months. This delay in containment is compounded by how lucrative PHI is for hackers. These factors played significant roles in healthcare being named the single costliest industry for a breach for the 12th consecutive year in 2022.
The average healthcare breach cost in the past calendar year increased by 9.4% from 2021 (IBM Security, 2022). This increase means the average price of a healthcare breach now surpasses $10 million, a figure which is 80% higher than the global average for any other industry (IBM Security, 2022). This consistent exposure and persistent financial burden pose a significant risk to practices and their patients.
In addition to disrupting business, cyberattacks affect a practice's revenue, and, alarmingly, they are starting to drive up the cost of care. It is estimated that each patient record compromised during a cyberattack will cost a practice $250. Multiply $250 by the number of patients a facility sees, and it's easy to see how quickly a breach could cost the practice a substantial amount of money.
Furthermore, 60% of companies that experience breaches increase prices for their products and services after the fact (IBM Security, 2022). The downtime during the cyberattack, the subsequent response time, and the fines associated with recovery or regulations all contribute to higher care costs. Patients are starting to see higher bills to help compensate for the lost revenue (Eddy, 2022).
In short, insuring your cyber liabilities, providing adequate training, and creating a detailed incident response plan in the event of a breach should all be top of mind.
A comprehensive cyber insurance policy could help supplement some of your training and incident response planning. The most likely way a hacker will be able to infiltrate a system is through human error. Training can help combat that, but most importantly, having a set plan for responding to a potential or actual breach is paramount.
Here are just a few things to consider when creating an Incident Response Plan:
Stop additional data loss by taking equipment offline and replacing passwords and logins.
Reassess your vulnerabilities to mitigate any further breaches.
Consult with a lawyer who specializes in, and has extensive experience with, privacy and data security. They will be able to describe any culpability you may have due to the breach.
Notify the police department of the potential risk of identity theft.
It's vital to communicate the breach to everyone involved quickly. Alert your employees, partners, customers, and investors about a breach.
Reassure them that you're taking the necessary steps to remediate. You'll have to pay for credit monitoring for affected account holders. Be transparent about the nature of the breach, how it happened and what information was taken. Offer tips about how they should respond.
Consider a public relations firm that specializes in crisis communications. This type of firm can craft a message and ensure it is consistent and accurate.
Consider designating a point person to release information about the breach. You may want to post news of the breach on your website or through a press release.
A privacy breach may expose account information like credit card or bank account numbers. In this case, notify the bank or financial company of the breach so they can monitor the affected accounts for fraudulent activity.
If hackers steal social insurance numbers, alert the major credit bureaus.
If you have cyber liability insurance, contact your insurance company as soon as possible. Liability from third-party claims will be covered under a cyber insurance policy, sparing you legal fees and damages that may occur due to the breach. Many insurance companies will help you with most of the above (public response, lawyers, and other details).
Copyright © 2022 Applied Systems, Inc. All rights reserved.
By having a cyber liability insurance policy, you will gain access to some of the above resources, and your insurance provider will be able to help you mitigate the risk. If you are interested in getting a quote, please fill out a Cyber Liability Request Form.
Or contact Professional Risk to be connected with an agent at (800) 318-9930.
Eddy, Nathan. (July 27, 2022). Healthcare breach costs hit record high. Healthcare IT News.
IBM Security. (2022). Cost of a Data Breach Report 2022. IBM. 3R8N1DZJ (ibm.com)