05/16/2018    James E. Spitsen, ARM, CIC

Cyber Security Insurance (Joe Boylan, DPM)

Dr. Boylan asks a great question regarding cyber
insurance when he asks “how much is enough?” The
answer depends on several factors:

1. How large is your practice? How many patients
could you potentially need to offer credit
monitoring to as the result of a breach?

2. Is your practice fully electronic? If so are
you using the ‘cloud’ to store your patient
records? Are you using a third-party vendor for
your EHR or medical billing and if so, have you
read what the limits to their responsibility are
in case of a breach on their end that affects
your data? All of these scenarios potentially
increase your exposure to a cyber liability loss.

3. What type of cyber training have you performed
with your employees to prevent a loss? Are all
computers password protected? Do you change
passwords often? Is everyone trained to double
check all requests for patient information or
payments? Have you discussed cyber security with
the vendors you utilize for patient billing,
payments, record storage, etc.? Do you allow
employees to use business computers for personal
use such as for their own email or social media?
Do you change the manufacturer password that is
installed on your servers or routers?

Most professional liability policies and some
office package policies offer some built in cyber
liability protection and many of those companies
offer you the opportunity to increase those
limits. There are also separate stand-alone
policies available that usually offer higher
limits with more comprehensive coverage along
with a more competitive premium.

Cyber liability exposure also continues to
evolve. The latest issue relates to “social
engineering”. In a social engineering scenario
someone in the office could be lead to make a
payment to a fraudulent account or divulge
protected health information such as patient
health insurance information that is then used
for fraudulent purposes.

Some cyber policies have added some coverage for
social engineering exposures and some have not.
Some companies have decided that a social
engineering loss is more of a professional
liability exposure than it is a cyber exposure
since it is a failure on the part of the insured
to verify to whom they are having communications
before releasing information or payments.

It would be great if there was a formula that
would let you know how much cyber to purchase but
of course there isn’t. It would be a great
conversation to have with your insurance
professional. Together you can arrive at a cyber
program that provides the coverage you need at a
premium that is reasonable.

The more you manage your cyber liability risk the
less chance you will be a victim of a cyber loss
and the more comfortable you can be with the
limits that you have. If you don’t manage your
cyber exposure at all you may not be able to
purchase limits higher than those provided in
your professional liability and/or your office
package policy.

A cyber limit of $50,000 is better than nothing
but won’t get you far in the long run. A single
podiatrist can purchase a $1,000,000 separate
stand-alone cyber policy for around $500.
Practices with multiple podiatrists would get a
discount with each additional podiatrist in the
practice.
In the interest of being open and above board, I
am an insurance professional that has specialized
in the insurance needs of podiatrists for over 18
years.

James E. Spitsen, ARM, CIC, Lincoln, NE

There are no more messages in this thread.