Problem: Individual privacy and protection of personal data are two of the most important concerns for organizations in today’s competitive market. Combine these issues with changes in health care, and cyber risk becomes one of the most critical areas for the risk management team. The financial impact of cyber-related losses in the health care industry can devastate an organization.
- Identify key risks.
- Map the risks according to likelihood and financial impact.
- Develop a solution for each risk.
Recently, a health care organization had a computer bag stolen, exposing patient information. The loss amount exceeded $7,000,000.

Problem

Cyber concerns include lawsuits for privacy theft as a result of disclosure of protected healthcare information, physical injury to patients as a result of administrative errors in managing the network or other technology failure, first-party loss of revenue and related extra expenses as a result of a network or system failure, cyber extortion, and third-party liability for errors & omissions in providing IT-related services. Our client assumes these risks are covered under traditional insurance and feels it has implemented technological safeguards to adequately protect it. Our client is uncertain if it has uncovered many of its cyber-related risks and is unaware of the various methods to protect against the financial impact of these risks.

Solution

PathFinder conducts a risk identification and risk mapping session with its client.

PathFinder conducts a coverage gap analysis because most traditional policies do not cover these risks. We review our clients’ current policies, determine where coverage is lacking, and work with our client and its insurance agent to obtain appropriate coverage or fund for the loss.

PathFinder reviews its clients’ IT vendor contracts. We look for your vendors to carry specific coverages and specific limits of liability. We also review the indemnification wording.

Outcome

Through risk identification and risk mapping, PathFinder successfully identifies cyber-related risks and maps them according to likelihood and financial impact. We address methods of handling each risk, whether through risk transfer, implementing risk control strategies or accruing for self-funded losses.

Through coverage gap analysis, we uncover several areas of the organization’s cyber-related risks that are not insured. Our client obtains appropriate insurance or funds for self-insured losses for:
- Privacy liability arising from unauthorized disclosure or loss of private information.
- Network liability arising from the interruption of systems or other damage caused by damage to your computer programs or data that results from a computer attack, unauthorized access or use of a system, or a simple mistake by your authorized personnel in the administration of your computer system.
- Business income loss: earnings loss and/or extra expense as a result of non-physical events such as a hacker attack or a virus.
- Restoration costs.
- Public relations expenses.
- Investigative expenses.
- Notification costs.

By reviewing and making changes to the vendor contracts, our client reduces its exposure to third-party errors and omissions.