In a word, yes. Many podiatrists significantly underestimate how much a breach will cost and think they can self-insure against it. Outlining what happens in the event of a breach helps in understanding the value of cyber liability coverage. Below are a variety of claims scenarios that illustrate the severity of cyber claims and how widespread cyber breach activity is throughout the healthcare industry.
Scenario 1
Scenario 2
A provider of in-home podiatry care was investigated by the Office for Civil Rights (OCR) after receiving a complaint that one of the provider’s employees left behind documents containing the protected health information of 278 patients after moving residences. Evidence supported this complaint. The OCR found that the provider was significantly lacking adequate policies and procedures to address the safeguarding of patient information when taken offsite. As a result, the provider was ordered to pay $239,800 in civil money penalties imposed by OCR.
Scenario 3
A mid-size podiatry group’s network of computers was infected with ransomware, potentially compromising patient data. The group did not pay the ransom and instead focused its efforts on reconfiguring the computer system and restoring the data from backups. Under state privacy laws, the group was required to notify almost 20,000 patients about the breach. Cyber insurance covered the group’s breach notification costs, which totaled approximately $55,000.
Scenario 4
The personal data of over 2,000 credit and debit cardholders was exposed when a podiatry group with multiple locations learned that 10 of its card readers had been compromised by a rogue employee. Across several of the group’s locations, the readers had been manipulated and credit card data had been “skimmed” to sell on the black market. The group’s bank investigated and found that the group failed to maintain data security controls required under the Payment Card Industry Data Security Standard (PCI DSS). The bank imposed fines and assessments against the group for PCI DSS non-compliance.
If you have any concerns about your cyber coverage and want to know more about what we offer, fill out our online form to receive a no-obligation quote!
Please note: These risk/claim scenarios are provided here for illustrative purposes only. The scenarios are examples of the types of claims and associated costs commonly seen and do not represent a comprehensive explanation of any one particular claim. While the subject coverage is designed to address certain risks and associated costs, coverage may not be available in all circumstances. Each reported claim will be evaluated on a case-by-case basis. The actual policy or endorsement language should be referenced to determine coverage applicability and availability.
The information contained on the PICA Blog does not establish a standard of care, nor does it constitute legal advice. The information is for general informational purposes only. We encourage all blog visitors to consult with their personal attorneys for legal advice, as specific legal requirements may vary from state to state. Links or references to organizations, websites, or other information are for reference use only and do not constitute the rendering of legal, financial, or other professional advice or recommendations. In the event any of the information presented conflicts with the terms and conditions of any policy of insurance offered by ProAssurance Insurance Company of America, the terms and conditions of the actual policy will apply. All information contained on the blog is subject to change.