Cyber theft and cyber crime is rampant across all companies both big and small in the US. The damage, both financial and reputational, to these entities is often costly and a concern to those affected, as well as the insurance providers who must answer the call when claims are filed.
It is in the best interests of those operating in the healthcare industry to take certain precautions in order to prevent the disclosure of personally identifiable information and alert those responsible for the cyber security insurance coverage in the insurance industry should a breach occur and/or if an action is taken against those victimized.
Medical accounts have significant value on the black market
It is estimated that hackers can steal a company’s medical accounts and quickly sell those numbers to black marketers for a price up to ten times more than that of a stolen credit card. The black marketers then buy those account numbers in order to purchase medical supplies and drugs. Some black marketers will even go as far as to create authentic-looking counterfeit medical cards, selling them to customers who will then use it to go to a clinic, dentist, or possibly even to seek critical care at an emergency room.
Unfortunately, the medical industry is unprepared to deal with many of these cyber attacks taking place. Many of the current solutions will be difficult to deploy quickly or cheaply, mainly because medical care is provided via a patchwork of independent insurance companies, practitioners and hospitals.
This can be costly to all parties violated by these thefts and often has a rippling effect. Those companies that are best prepared will have procedures and guidelines in place to enable them to deal with the crisis, having employed any reasonable efforts to prevent a cyber attack as well as protect personally identifiable information.
Instituting a data breach response plan (DBRP)
An essential component of any plan is preparing for an incident suffered by an insurer, insurance producer and other third-party companies (a data breach response plan). Third parties and producers should be audited to determine if controls are in place to protect personally identifiable information.
Despite the best efforts of cyber crime specialists, these thefts will continue to undermine the healthcare industry for some time to come. Cyber security insurance is the one thing that helps to somewhat level the playing field.