To help you get the conversation started, we’ve put together a handful of questions to ask along with key talking points for each.
- Is your business a healthcare provider using technology to deliver services, or a technology firm providing healthcare solutions?
In either case, CFC’s eHealth product offers a comprehensive and convenient insurance and risk management solution for you.
Our market-leading product, underwritten by experienced underwriters, covers third-party liability for in-person and electronically delivered healthcare services, as well as nonprofessional business activities such as office exposures.
The policy seamlessly encompasses liability coverage for technology errors resulting in bodily injury or financial loss to others. Alongside this is our cyber coverage, for the investigation and resolution of privacy breaches, cybercrime coverage, incident response and business resumption service.
- Do you outsource technology services to third-party vendors?
Even when a technology service is outsourced to a third party, you can still be held liable for technology services provided on your behalf, and you’ll likely be responsible for notifying affected individuals and addressing subsequent regulatory actions. So, having appropriate coverage in place is vital.
- Do you send or receive payments electronically?
The increased adoption and utilization of online healthcare has given rise to a heightened risk environment for cybercrime, such as social engineering and fund transfer fraud. Cybercriminals are increasingly intercepting electronic fund transfers, often by hacking into email accounts, pretending to be someone else, and sending fraudulent instructions.
These scams are becoming more sophisticated and even harder to spot as they often come from real email addresses and mimic victims’ behaviours. Payments are often transferred quickly into other accounts and banks rarely replace the losses.
- Do you serve patients across multiple jurisdictions?
Technology facilitates rapid expansion in digital healthcare, enabling the delivery of healthcare services across multiple jurisdictions. However, regulations affecting the provision of services across regions are continuously evolving, particularly across AI, data privacy, and healthcare services more generally. This makes businesses increasingly subject to the constantly evolving regulatory framework, locally, domestically and internationally.
Affirmative regulatory cover can help mitigate the impacts of a regulatory or licensure investigation initiated against you, or your healthcare providers, as a result of your healthcare or technology services, globally.
Additionally, our policy can cover activities performed in overseas territories and respond to claims filed worldwide.
- Do you collect, store, process or have access to personally identifiable information (PII) or personal health information (PHI)?
Both PII and PHI are subject to rules and regulations, governed by local authorities, about how you collect, use and store that information. If you do not adhere to these rules in the local territories you serve, then you could face regulatory fines and penalties.
If sensitive information that you are responsible for is subject to unauthorized access or disclosure, you will most likely have to notify affected individuals of the breach and provide credit monitoring services, while also incurring further legal and forensic costs.
Not all security breaches stem from malicious third parties. Frequently, it could be as simple as misplacing a company laptop or inadvertently sending an email containing sensitive information to the wrong recipient.
Cyber insurance covers a range of costs associated with responding to data breaches, including legal advice, notifying affected individuals and any regulatory fines and penalties that may be incurred. Due to the vast amount of sensitive data stored, healthcare is one of the most targeted industries for cyber attacks, something that is especially true for digital healthcare businesses whose primary business model leverages technology, and data, to operate.
- How long can your business operate without access to computer systems and the data they hold?
Modern-day healthcare businesses rely heavily on technology to operate, making them more susceptible to ransomware and targeted extortion attacks by cybercriminals. These attacks can involve encrypting key data and demanding large sums of money in exchange for the decryption key.
Many small businesses often lack the technical and in-house resources to deal with attacks like these and can struggle to recover from them. Cybercriminals also often target and disable backups, leaving businesses with limited options for data restoration.
Responding to attacks promptly is crucial, not only to mitigate the financial loss, or business downtime, but also the potential loss of life, bodily injury or harm. It is critical that the business interruption is kept to an absolute minimum, to ensure continuity of care is not lost or personal information leaked.
Cyber insurance not only gives you access to a range of technical experts to help get you back online fast, but it also covers the financial losses incurred as a result of your business being interrupted and the costs of re-creating any corrupted data. It can even cover the reputational impact of cancelled contracts and customers choosing to go elsewhere.