October is Cyber Security Awareness Month, which means it's a good time for a cyber security check up of your practice.

Posted in Risk Management on Wednesday, October 4, 2017

October is Cyber Security Awareness Month, which means it’s a good time for a cyber security check up of your practice. The following could pose a cyber threat to your practice: 

• Texting your staff or your patients 
• Emailing your patients
• Practice has a website
• Using an offsite third party for such services as billing 
• Advertising or responding on social media 
• Taking credit cards as payments from patients 

Cyber security for your practice should be addressed with the basic risk management principles:

• Avoid
• Modify
• Transfer
• Retain

Avoid the risk

• Avoid inconsistent cybersecurity training
  • Training needs to be conducted regularly, not just once a year.
• Avoid vulnerability.
  • Avoid threats by simply being prepared.

Modify the likelihood or impact of the risk

• Establish and follow sound policies and procedures
• Use only encrypted devices
• Keep software and servers up-to-date with malware protection
• Install antivirus software

Transfer the risk

Basic property and liability insurance coverage doesn’t adequately cover cyber risks. Cyber insurance protects you and your practice from claims which could result in financial losses arising from:

• Security and Privacy breach
  • HIPAA, FCRA and other federal, state and local violations due to release of personally identifiable information
• Compromised, damaged, lost or corrupted damages of data due to administrative error or computer attacks
• Copyright, trademark infringement or misappropriation of ideas
• Business income loss and interruption expenses due to a cyber terrorism attack
• Lost revenue as a result of adverse media reports due to a security or privacy breach
• Expenses, assessments and fines imposed by banks and credit cards due to non-compliance with Payment Data Security Standards

Retain the risk

Odds of being attacked by a cyber breach are 1 in 4.The average cost for each lost or stolen healthcare record containing sensitive and confidential information is $380. Cyber security is not just for the big healthcare systems or your local retail outlet (think Anthem Blue Cross, Home Depot). Cyber security is a necessary business expense just like your malpractice coverage. The best option for addressing cyber security is a combination of the four risk treatment options mentioned above: 

• Avoid risky situations like flash drives and suspicious websites.
• Modify the likelihood and impact of cyber risks with sound policies and procedures.
• Transfer all or most of the risk by purchasing cyber insurance.
• Recognize that you may need to retain some of the risk so budget accordingly.

The only question remaining should be what limits are enough to protect your practice.  Your agent can help you to better understand and address this coverage.