Cybersecurity Insurance for the Masses?
So this past summer of 2016 a major Orthopedic practice in the university town of Athens, GA was hit with a ransomware attack. Now these attacks are becoming commonplace and healthcare providers, hospitals, practices are key targets. Often they are poorly protected and they contain quite a lot of valuable confidential health and financial information from thousands of patients. This particular practice, which I'm assuming was HIPAA compliant, was nonetheless vulnerable. Word is they were so easily penetrated that the hacker even offered to "fix" their security issues once the ransom was paid. According to the Ponemon Institute, 91 percent of healthcare organizations saw at least one data breach over the past two years, with more than 60 percent of hospitals lacking a breach response plan. This breach, like so many others came through a 3rd party vendor. It's not as though this is an unexpected occurrence. I don't know who gave them legal advice to ignore the threat or if they carried any cybersecurity insurance or went to the FBI. What I do know is that the blackmailer did not get paid (the amounts seem to run in the $20k range or so). The hacker had access to over 200,000 files and released medical information, social security and financial information into the Dark Web. Turns out that the practice in question could not afford to pay the millions of dollars it would cost to provide credit monitoring for the 200,000 or so patients. Word is they are likely going out business.
That's a tough scenario and it's not unusual but I want you to think for a minute on the impact that a breach like this could have on the consumer, or in this case the patients. What if the medical information now floating around and accessible revealed that someone had a a serious illness, or was taking particular medications. And now what if that individual was a politician or a CEO or a candidate for a job? I think you see where i'm going. It's well known that celebrities of all types are targets of hackers. If 91% of healthcare organizations can be attached AND breached, then you know that anyone with a public persona is vulnerable as well. But the future holds risk for even those who are relatively unknown. Ransomware, blackmail, etc. can filter down to just about anyone. Insurance against exposure may become the norm. Come to think of it, If self driving cars are the future insurance companies are going to have to find new products. Personal cyber liability insurance may just be the thing.