Cyber: Unintended disclosure
- An IT vendor had inadvertently unsecured a file containing over 30,000 patients’ billing information such that it was searchable on the internet using search engines such as Google. The hospital discovered the incident during security testing when a larger healthcare system acquired the hospital. The information exposed included names, date of births, addresses, treatment information, and insurance information. The hospital utilized outside legal, forensics, notification services, a call center, credit monitoring and crisis management. The hospital was investigated by multiple regulatory authorities.
Cyber: Hacking or malware
- A healthcare organization was attacked by a sophisticated foreign phishing attack which exposed information in employee email boxes of nearly 20,000 pediatric patients. Employees had clicked on the phishing emails and either gave up credentials or launched malware into their network. Forensics found some evidence of data exfiltration. The data contained patients’ names, clinical information, phone number, addresses and insurance information. BBR Services coordinated outside legal counsel, forensics, notification, a call center vendor, and credit monitoring. A regulatory investigation is pending.
Technology & Media Liability
- The insured is a software computer company specializing in converting medical data, usually from an upgrade or switching electronical medical record (EMR) software. The claimant brought a medical malpractice claim against their healthcare provider and two doctors for improperly prescribing a drug. The insured was brought in as a third-party defendant and the compliant alleged that the patient’s medical records were not properly transferred from one EMR software to another, which led to improperly prescribing the wrong drug.
Medical Malpractice: Failure to diagnose
- The claimant, a 29 year old female, alleged that the insured providing telehealth services prescribed contraindicated birth control pills, resulting in a catastrophic and life-altering stroke. Investigation by defence counsel determined that claimant had initially provided a medical history of migraines without auras, and was prescribed a 3 month supply of birth control pills. About one year later, the claimant filled out a new history and indicated migraines with auras, for which the birth controls pills prescribed is contraindicated, and was started on another prescription.
Medical Malpractice: Failure to treat/monitor
- The insured provides telemedicine health counselling. A claimant submitted a complaint in which she reported abdominal pain and asked if she was able to travel. The insured’s doctor wrote an antacid prescription and said she was able to travel. The doctor said she should go in and get examined if abdomen was distended. On the way to the airport the claimant needed to change course and head to the emergency room instead and was found to have a ruptured appendix, requiring emergency surgery.