Are you insured for a data breach?

If you store any personal information such as names, addresses, phone, social security numbers or credit card data and any 3 pieces of information are disclosed you, as the business owner, are responsible. There are serious fines and penalties for any breach or disclosure levied by the Federal Government as well as State penalties regarding the release of personal information such as; names, addresses social security numbers, credit card numbers, etc.

Should a data breach occur, under law, you are required to immediately investigate the extent of the data breach. That may require hiring a computer forensic specialist. You must notify in writing all parties whose information was compromised. Of course, notify Health and Human Services. With the exception of fines or penalties the cost estimate is $250 per record. In addition, there are potential legal consequences and the public relations fallout that must be dealt with promptly.

Common Misconceptions

Protecting data stored on the cloud is the responsibility of the cloud storage provider.

Generally data stored remotely is not covered. However, depending on the contract with the cloud service company, many contracts indemnify the cloud storage provider in the event the system is compromised. This leaves the business to deal with the repercussions.

The credit card processor is responsible if their system is compromised and patient data is released

It is the responsibility of the business to notify their customers or employees and follow protocol regarding a data breach. This may include 12 months of credit monitoring and leave the practice vulnerable to lawsuits.

My business owners policy includes this coverage

Most likely it will not be adequate insurance. While there may be provisions for replacement of lost data, general liability does not include the comprehensive coverage a practice will need.

Ways personal information can be compromised

  • The server can be hacked from outside
  • The server or devices, including desk top computers, laptops or other equipment which stores information are stolen or lost
  • A virus attacks the hard drive and data is lost or frozen
  • An employee unintentionally leaves information in plain sight or neglects to secure the files
  • A disgruntled employee damages the system.

Extortion

Today, cyber criminals have the ability to infect your system with a virus that prevents access to data stored on the hard drive. A message is sent to the computer requesting a payment be made within a specified time frame or the data would be irretrievable. If, in fact, this results in the system being inoperable then activity would cease until the system can be replaced or restored.

Before there is an incident

Things you need to do in advance of a data breach

  1. Make sure you have trained all staff as to the proper procedures and practices to prevent an unintentional disclosure
  2. Complete an audit of the operation looking for areas of vulnerability
  3. Make sure your anti-virus software, encryption and firewalls are updated regularly and files are backed-up
  4. Be certain all devices are encrypted should they become lost or stolen. Don’t forget copiers and fax machines which also store data
  5. Make sure you have a comprehensive cyber liability insurance policy to protect the financial assets of the practice in the event all else fails and there is a breach

Insurance Protection

Cyber Liability Insurance

Cyber liability insurance will generally cover both 1st and 3rd party costs in the event of a covered loss. This means any lost revenue is protected, as well as replacement of data. But also, penalties, fines and notification cost as well as the cost to hire an attorney or bring in a public relation specialists.

The cost of insurance is reasonable considering the exposure in the event of an incident.

Regardless of the precautions taken, the risk of a release of confidential information is highly likely. It is imperative to take steps to make sure the practice is protected

The DePuydt Agency

The DePuydt Agency specializes in cyber liability insurance. We can examine any current policies to see what coverage is currently in place and recommend any additional insurance that may be required.

Contact us with questions.

Gary DePuydt
gary(@)thedepuydtagency.com
602-999-7046