Data Breaches in Healthcare Industry Lead to New Coverages

  • Print

Insurance carriers are seizing opportunities in the healthcare industry, where huge data security breaches appear to be happening on a regular basis.

Markel is one of the latest to offer free data breach coverage to health-related risks. The carrier is offering coverage for allied healthcare policyholders as an endorsement. Markel also offers standalone coverage with higher limits, so the new endorsement could serve as an introduction to cyber liability for companies not yet ready to jump to a single coverage.

Over the past year other carriers, including Medical Protective and ISMIE, started writing cyber liability for doctors at no extra cost.

While the field appears to be ripe for new products, healthcare providers don’t appear to be moving in the right direction when it comes to securing digital information.

A look at data breach numbers is as frightening as it is revealing, especially in the healthcare industry. A recent study from Ponemon/ID Experts shows that 96 percent of all healthcare providers admit to suffering at least one data breach within the past two years. Overall healthcare data breaches rose 32 percent in the past year.

“Hospital employees are exposing patient data like the back of a hospital gown,” said Rick Kam, president and co-founder of ID Experts.

It’s difficult to pin down the reasons for this increase on just one, but the study largely blames employee mistakes and sloppiness. Almost half of respondents blamed lost or stolen computing devices.

The healthcare industry has made a huge push toward using electronic healthcare records over the past few years to help doctors make fewer mistakes. While this may have helped from a medical standpoint, it has opened up a whole new world of liability when it comes to taking care of data. The Ponemon study shows that more than 80 percent of healthcare organizations are using mobile devices to hold patient information, but only half of those companies do anything to protect them.

These kinds of mistakes can be easy to make, but they don’t come cheap. The study reports that the average data breach costs an organization $2.2 million, an increase of 10 percent over last year.

In one instance reported last month, Sutter Medical Foundation, a California hospital system, had a computer stolen containing the data of more than 4 million patients. And these losses aren’t just being seen by one or two hospitals; the problem is far more widespread. The study estimates that the annual losses total between $4.2 billion and $8.1 billion annually.

That is just the economic part of the equation. It can be impossible to compute the losses to reputation and patient goodwill.

As a result, carriers have released a bevy of new products to meet this growing demand. The ways they approach them can be quite different though.

Late last month Markel introduced a new DataBreach endorsement for its allied healthcare policyholders nationwide.

Fran O’Connell, Markel’s managing director – medical, said the company received feedback from retailers that some companies still looked at cyber risks as a bit of a mystery. She said some small companies think that a data breach is something that couldn’t happen to them, but that this endorsement is a good way to get companies thinking about the possibility.

The new product is free, but only offers low limits. The beefed-up standalone product offers more features such as deductibles and reward coverage. Markel states they will make it easy to transition from using the endorsement to a separate policy.

“We will honor the retro date if the insured takes a year or two before deciding to purchase a monoline policy after purchase of the endorsement,” said Jake Kouns, Markel’s director of cyber security and technology risks underwriting.

Markel’s endorsement covers liability resulting from compromised confidential patient information. Limits for the endorsement are $50,000 to cover the costs incurred by the insured for notification expenses, credit monitoring, and data restoration. O’Connell said standalone limits can easily go up to $1 million with the lowest reasonable limits for standalone coverage being $250,000.

The Virginia-based carrier writes data breach coverage for other areas, too, but O’Connell said that the healthcare industry is one of the targeted industries for the standalone coverage.

The endorsement from Markel comes a few months after Medical Protective and ISMIE launched similar products. Med Pro began offering MedPro CyberShield to policyholders for free in February. Med Pro added the coverage to all of its physicians and surgeons.

ISMIE started including cyber liability for free to its policyholders at the beginning of July. ISMIE’s coverage is slightly different than Markel or Med Pro in that the medical malpractice insurer isn’t providing the coverage by itself. ISMIE’s endorsement is provided through a partnership with Beazley Syndicate, one of the top cyber writers.

Schwarzberg is acting editor of

Related Products


  • January 2, 2012 at 9:13 pm
    mattgenton says:

    hi to all at i thought i had sent this newyears eve but it didnt send so i have sent it again happy new year to all of you
    – matt

Add a Comment

Your email address will not be published. Required fields are marked *