HIPAA Cybersecurity Insurance

Call us at: 877-275-4545

Healthcare businesses need to be aware of the requirements that come with a cybersecurity insurance policy.
In a world of online profiles, splashy websites, and great social media campaigns, businesses can misrepresent themselves in more ways than one. A great photo of your team or a full biography may help create patient trust, but it doesn’t mean a thing if you can’t back it up with excellent patient care. By the same token, having a cybersecurity policy in place won’t help if you’ve misrepresented your business policies and practices that are in place.
Being HIPAA compliant is required for your cybersecurity policy to be valid. Why should this be necessary? Because a strong HIPAA program is so intertwined with a strong cybersecurity program, you can’t remove one without compromising the integrity of the other. Having measures in place that reduce the risk of your likelihood of a breach will also strengthen your HIPAA program. If you misrepresent your business’s security and say that “measures are in place” when they are not being actively utilized, you risk being dropped from your carrier, or worse, not covered in the event of a breach.
Recently Travelers Insurance asked for a client policy to be rescinded based on misrepresentation. They filed a motion this past July based on a cyber insurance policy that they had issued to a company that had declared that it had in place, and was using, multi-factor authentication (MFA) on its server. This was verified by their CEO and additional team member. After that same company suffered a ransomware attack, it was discovered that they were NOT using MFA as indicated. Travelers Insurance believes that the application statements were misrepresentative and concealed the actual truth of the situation. They are asking for the insurance contract to be declared null and void. This means rescinding the policy and all liability on their behalf.