How to implement healthcare cyber insurance
Photo: luis gomes/Pexels
Two new one-pagers from U.S. Health and Human Services aim to support healthcare organizations in taking steps to implement cyber insurance best practices today.
WHY IT MATTERS
"Cyber insurance can help protect your organization from excessive costs that can occur in the event of a cyber attack," according to the 405(d) program in its announcement on Dec. 14.
The resources – one for smaller organizations and another for medium and large ones – explain why cyber insurance is an ongoing partnership between healthcare organizations and their insurers.
With them, health IT specialists can learn about the steps they need to take to continually improve their organizations' security, including how to think about their duty to defend and incident response planning.
THE LARGER TREND
The HHS 405(d) Program was created as a provision of the Cybersecurity Act of 2015, and the task group was initially convened with 150 individuals from the government and the healthcare industry.
More recently, the Cybersecurity and Infrastructure Security Agency and the Department of Health and Human Services released the Cybersecurity Toolkit for Healthcare and Public Health.
With the considerable cybersecurity challenges of the healthcare and public health sector system, government and industry seek to shore up gaps in resources and cyber capabilities. Since 2015, the conversation has moved from if a healthcare organization is attacked to when.
"We have seen a significant rise in the number and severity of cyber attacks against hospitals and health systems in the last few years," added HHS Deputy Secretary Andrea Palm.
"The more they happen and the longer they last, the more expensive and dangerous they become," she said.
John Menefee, cyber risk product manager at Travelers Bond and Specialty Insurance, told Healthcare IT News in June that insurance carriers are getting better at helping healthcare organizations protect their infrastructure before threat actors strike.
ON THE RECORD
"If your organization becomes the victim of a cyber attack, cyber insurance can provide your organization with access to third-party breach specialists including forensics, independent legal counsel working on your behalf and possible reimbursement of loss of business coverage or revenue," 405(d) said in the new resource.
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.