Featured in this month’s MaineAhead Magazine is an article we wrote about the tragic risks and consequences associated with a data breach. Reliable Networks founder, L. Mark Stone, recounts a speaking engagement at an October health care conference, MIMS2010. Physicians there were alarmed to learn that neither general liability insurance nor malpractice insurance typically covers a medical data breach, even if they were HIPAA compliant at the time of the breach.
The reasons for this coverage gap are several: First, property and casualty insurance policies are written to cover tangible items and data isn’t tangible. Medical malpractice insurance policies don’t consider a data breach a medical error and so don’t usually cover the costs from data breaches. Even General Liability policies rarely include data breaches in the specific list of liabilities covered.
Worse, breaches are expensive! The estimated cost for a data breach spans $220 – $330 per record. Consider a primary care physician with a panel (i.e. patient base) of 4,000 patients. The practitioner’s cash out-of-pocket costs to remedy a typical data breach could exceed $1.0 million. Almost all states mandate some form of data breach reporting, and a quick search on DatalossDB.org shows health care providers are reporting data breaches frequently. Fail to report appropriately and your out-of-pocket costs go up; Stanford was recently fined $250,000 for failing to report a breach on a timely basis.
As businesses convert to electronic records or migrate to the cloud, increasingly more insurance companies offer cyber liability and data breach insurances. Rates vary depending on the risk within the practice. But it’s not easy obtaining cyber liability and data breach insurance. The vetting process is very thorough and time-consuming. We tell clients that the process is not unlike going through an actual security review — not a bad thing to do in any event since being “compliant” doesn’t necessarily mean you are “secure”!
The good news is that, with a combination of properly trained personnel and a secure network (not anywhere as expensive a proposition as you might think), any company can reduce the likelihood of these tragic and unexpected costs.
If you would like to see how your network security configurations compare with others, please feel free to call us at 207-772-5678.