Healthcare data breaches occur on a daily basis in the US. Most healthcare providers expect it is a matter of “when” not “if” they will be impacted. The US Department of Health and Human Services reported 325 healthcare data breaches in in the first six months of 2021. As the threat of being hacked increases, more health care providers are purchasing cyber liability insurance to protect against data breaches or online attack.
The timing could not be worse. With cyberattacks on the rise, and demand for coverage surging, the $3 billion cyber insurance industry is facing higher costs and substantially more risk than ever before. According to the National Association of Insurance Commissioners, premiums have more than doubled since 2015. Some companies report their policy premiums increasing 35% over prior year. Almost all premiums climbed by double digits in 2020.
As a result of soaring losses, insurers are doing more due diligence on customer’s applying for coverage, raising prices, and limiting the liability coverage. Upper limits of $10M are really a thing of the past and policy holders are receiving notices that the coverage is being slashed to $5M or even less if the policy holder cannot demonstrate their compliance with data privacy standards and best practices.
Due to the uptick in ransomware losses, the underwriting process now often requires the applicant to provide written documentation of security audits, submission of incident security plans, disaster recovery plans, and compliance with industry standards like SOC or HITRUST. Some companies will find that they are unable to obtain cyber coverage at all.