Claire Hart, MIAB
- Posted Tuesday September 1, 2020
Cyber and Data risk should now be firmly on your radar following a recent NHS communication. Consequently, the need for complementary insurance cover may have moved up your priority list by equal measure. However, with many more pressing issues to address, it’s likely the thought of having to conduct a ‘thorough transparent risk assessment’ sits low on your “to-do” list.
Or perhaps you believe that you are already covered? You may not realise that most surgery insurance policies are not designed to cover cyber-crime. As cyber-crime is a relatively new risk, most insurers don’t have enough claims information to confidently cover it outside of a standalone cyber policy. Unfortunately, criminals are ahead of the curve when it comes to using technology to their benefit, meaning that cyber losses are increasing at a startling rate.
As NHS England recently highlighted, cyber-vulnerability has grown significantly since lockdown, particularly with the changes in the way practices now have to work. We are more reliant than ever on digital technology and hence susceptible to attack by hackers, social engineering and phishing attempts. Cyber threats are evolving and malware, ransomware and spyware are on the rise.
The healthcare sector is a prime target because of the high value of the sensitive data it manages and the general lack of practice-level cybersecurity expertise and nationwide underinvestment in cybersecurity. We all remember vividly the disruption caused by WannaCry in May 2017. Stolen medical information is more valuable than financial data, worth on average of 5 x more than credit card details on the black market*. Despite having very strict and time-consuming regulations relating to healthcare data breaches, they still cost the UK healthcare sector £5.2 million on average, almost double that of the global average of £3.2 million**.
Beyond data breaches committed by hackers, patient data is frequently exposed through accidental loss, device theft and employee negligence. Staff within your practice could unwittingly compromise your security, including failing to configure systems, servers and cloud environments correctly, emailing personal data files to the wrong person, not meeting password best practices, or leaving a laptop on a train. Indeed, simple carelessness is responsible for a surprisingly large number of breaches. No matter what systems, controls and procedures are in place, no organisation is immune to the risk.
One size does not fit all
That’s where MIAB can help you, making the process of cyber cover as seamless and hassle-free as possible. Every breach is different, but you can be confident that we have the in-house expertise to give you the best advice. Plus we have access to a panel of expert underwriters to provide you with a bespoke solution.
With decades of experience working in the health sector, the team at MIAB can quickly assess your specific needs through a series of simple questions. It takes minutes to put in place a policy providing you with a range of appropriate cover options. Protection that can include;-
- Costs recovered for damage to data or programs.
- Recovery of costs relating to ransom demands, reinstatement of data and replacing damaged hardware
- Network failure cover that replaces income lost, extra expenses and business interruption costs
- Network/privacy breach cover that provides for notification of patients and affected third parties and legal costs in the event of third party data breaches - up to £15 million
- Consequential reputational harm - compensation for malicious content
- Cover for fines, penalties and costs including GDPR Penalties, which can be up to 4% of your annual turnover
- Security breaches compensation - for funds paid to fraudulent sources e.g. where hackers redirect suppliers or invoice payments
- Legal and regulatory defence costs and special computer forensic support
- Plus credit and identity monitoring services and even a call centre on hand to manage the incident and its consequences.
Think of cyber insurance as your own in-surgery “crash” team! Our selection of trusted providers can support you with the resources and a dedicated team of experts to manage a comprehensive cyber-attack response plan.
Find out more about MIAB’s cyber liability and data insurance offerings here.
If you wish to discuss how you can protect your practice and would like to explore how we can provide a tailored solution, please get in touch at firstname.lastname@example.org or visit us at miab.co.uk