It’s a relatively new form of insurance, but one that’s becoming a necessity, even for firms that might think they’re too small to attract hackers. It covers loss and damage resulting from the theft, exposure, improper sharing or holding for ransom of patient data. It covers deliberate actions, such as hacking or ransomware, as well as accidents, such as a lost laptop containing unencrypted patient information or a coding error that exposes patient data.
A comprehensive policy will also cover paper documents, as much information is still stored in physical files. It should also include first-party and third-party coverage. First-party coverage pays for damages suffered by the policyholder while third-party coverage compensates for damages caused to others by the data breach, such as legal fees incurred as a result of lawsuits filed by patients. concerned.
Malpractice and general insurance policies often include cyber coverage, but usually not enough.
When buying cyber insurance, make sure the insurer is obligated to provide a full range of assistance in the event of a breach, such as paying regulatory penalties, hiring IT experts to find and fix the violation, hiring lawyers to defend patient lawsuits, and paying ransom to release compromised data.