Mr. Overly suggests word of mouth as a good place to start the search. The hospital where the doctors have privileges have information technology security people who are a great source of suggestions for people to talk to. Other physicians or practices are another valuable asset when searching for a CI broker. If your legal counsel has, or knows, someone who works in the information security area, get in touch with them.
[Medical/healthcare breaches] accounted for 42.5% of the total across all industries [in 2014].
“Medical professionals often tell me they got their CI coverage through some guy who had a booth at a recent event and could get them a good deal,” says Mr. Overly. “They will do thorough assessments on their patients, but not on the person who will be writing their CI policy. You want someone who can provide you with the level of protection and coverage you need, and this will take some time and effort.”
Subtle Differences
There are not yet any gold standards when it comes to CI coverage, and there can be many subtle differences across plans that need to be evaluated. It’s imperative that the purchasers be careful that the coverage in the contract is close to what they have in mind. Don’t be hesitant to ask questions until you are confident you understand what is covered and what is not.
“Look at CI not as an end to itself, but as a part of your overall approach to cyber security,” says Mr. Overly. “You can’t just buy the insurance and then relax. It has to be a part of your overall program to minimize this risk.”
Kurt Ullman is a freelance writer based in Indiana.
References
- The Identity Theft Resource Center. Data Breach Reports. 2014 Dec 31.
- Ponemon Institute LLC. Fifth annual benchmark study on privacy & security of healthcare data. 2015 May.
- Ponemon Institute/IBM. 2015 Cost of Data Breach. 2015 May.
