Information exposures are difficult to control and are subject to many different types of loss events. And even with the best systems, controls, personnel and procedures, no organization is immune to the risk.
It only takes one small human error, a simple property crime, or one clever hacker to compromise millions of patient records or otherwise wreak havoc on your organization.
Essentially, a data privacy breach is not a question of "if". The only question is "when?"
It is safe to assume that poorly handled breaches result in far higher patient defection rates.
An effective response is a complicated response. BBR Services will be with you every step of the way, providing effective data breach protection for your healthcare organization.
The scale of protected health information (PHI) maintained by healthcare organizations and the digitization of electronic health records have increased the vulnerability to large breaches. Compulsory breach notification laws create a great deal of exposure. In addition to the patchwork of state laws affecting all businesses, the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) operate at the federal level. These laws require time-consuming, labor-intensive internal investigations and specialized outside vendors, and can often disrupt a healthcare organization’s ability to prioritize patient care.
The publicity and patient dissatisfaction that surround a cyber breach have spurred a wave of class action complaints against organizations big and small. Relying on a variety of medical privacy laws, enterprising plaintiffs' lawyers have filed complaints seeking billions of dollars in damages. The specter of such damages, and the sizeable costs of litigation, often push organizations to settle even in the absence of any clear harm to the affected patients.
State and federal regulators have made one point clear: a significant breach of patient information and patient records will result in monetary penalties, onerous corrective action plans, and ongoing audits. Whether through the strict data privacy and security requirements of the HIPAA Privacy Rule and HITECH, or the increasing interest of state attorneys general in enforcing medical privacy laws, the regulatory landscape for healthcare organizations carries an immense amount of risk. Regardless of any legal liability, a healthcare cyber breach greatly increases the risk of reputational and brand damage.
Beazley, a leading insurer of technology and information security risks, has developed BBR, a solution to privacy breaches and information security exposures tailored to the needs of healthcare organizations. BBR is a complete privacy breach response management and information security insurance solution which includes a range of services designed to help you respond to an actual or suspected cyber breach effectively, efficiently, and in compliance with the law.
- Legal services
- Computer forensic services
- Notification services for up to 5 million affected individuals
- Call center services
- Credit monitoring, identity monitoring or other personal fraud or loss prevention solutions
- Public relations and crisis management expenses
- All of the policy’s multiple limits will be available for breach response.
- Business interruption loss from security breach or system failure
- Dependent business interruption loss from security breach or system failure
- Cyber extortion loss
- Data recovery loss
- Data and network liability.
Third party coverage
- Third party information security and privacy coverage with up to $15M
- Full media liability
- Regulatory defense and penalties
- Payment card liability and costs.
- Fraudulent instruction
- Funds transfer
- Telephone fraud.
Criminal reward coverage
We greatly appreciate Beazley's Breach Response services and the efficiency and knowledge that are available to us when we need them the most.