Data breaches continue to dog hospitals across the country, with facilities in California, Indiana, Maryland, Massachusetts, North Carolina and Ohio responding to incidents over the past month.

So far this year, at least 32 hacker-caused breaches have hit health care providers, the U.S. Department of Health and Human Services Office for Civil Rights reports. Close to 65 percent of health care organizations surveyed reported some kind of information security incident over the past two years, reported the Pomenon Institute, an information-security think tank.

The same study from the Pomenon Institute pegs the nationwide cost of such breaches at close to $6 billion. Several states, including California, have witnessed class-action and other lawsuits stemming from incidents.

Various commentators from the regional media have recommended that health care providers do more to secure data — and to establish additional layers of protection for their operations.

An Aug. 17 L.A. Times story documented how health care and other businesses are increasingly discussing cyber security in board rooms.

In another L.A. Times story last month, Dr. Deborah Peel of Texas-based Patient Privacy Rights said that systems now in place do not make security their top priority. “Health care records are the new credit card data for international theft rings,” she said.

The average hospital uses between 150 and 650 specialized software systems, Peel added last week. “The thing people don’t understand is that the current (hospital software) systems cannot prevent breaches,” Peel told HASC Briefs. “They’re so leaky, that the basic technology needs to be radically redesigned.

A leading health care law firm recently identified specialized insurance as an area hospitals might explore to create more protection.

Hospitals and health systems “should verify whether their existing insurance covers them in the event of a breach,” the report stated. “Although the market for cyber security is still nascent, there are carriers that offer first-party cyber security insurance policies.”

Early this year, the HASC teamed with insurance provider AIG and insurance broker AmWINS to create a coverage package designed to protect health care providers.

The CyberEdge® Cyber Liability Insurance Policy, co-developed by HASC, is not sold by the association. Dave Weller and Emily Agramonte of AmWINS Insurance Brokerage of California, LLC can answer questions about the product. Weller can be reached at (213) 254-2245 or dave.weller@amwins.com. Agramonte can be contacted at (213) 254-2229 or emily.agramonte@amwins.com.

As of this month, two Southern California hospitals have retained the coverage. Several more are in the process of acquiring it, said Scott Twomey, HASC’s senior vice president and chief financial officer.

Not all insurance policies are the same, of course. Experts advise facilities and organizations to study and understand what is and what is not covered.

Contact:
Shauna Day
(213) 300-8204
sday@hasc.org