Hi Jennifer,
The Change Health hack seems so big and remote compared to what I view as threats to my practice. Should i be evaluating Cyber Insurance? Am I being Naive?
Appreciate your insight.
Dr. G
Answer:
Whether to purchase insurance is not always a "yes" or "no" answer. I would say, depends, on a number of factors. Do you qualify for a policy priced as a premium where the deductible is reasonable and coverage benefits are meaningful? I see many marketed cyber policies with large deductibles and coverage carve outs. So, you could be paying for a policy that may be nonsensically expensive to avail yourself of, or where, if you did file a claim, that potential claim may be denied due t o lack of coverage. The barometer for insurance coverage is whether the cost will alleviate reasonably anticipated and potentially expensive exposure. Usually, your risk profile will dictate premium pricing.
To address your point that Change Health feels bigger than you; smaller practice, small chance of audit, right? Perhaps. Certainly the risk is there for practices of every size, and the threat can be internal and external. Internal from individuals inside the practice bringing a cyber attack to you by pressing spam links, and external from outside sources attacking. Cyber is, of course, not simply a ransomeware scam; a cyber attack is often interlaced with HIPAA and patient record, PHI or payment data information exposure. Depending on the policy selected, you may have coverage for attorneys fees, damages payments, audit defense, fines and fees. When shopping for a policy, Buyer Beware - devil is in the details.
Need a broker recommendation or counsel assistance to sort through the options? Let us know. We are here to help.
