Healthcare Cyber Security

White Paper

We recently came across a quote at a cyber forum which said "A computer lets you make more mistakes faster than any other invention in human history, with the possible exception of handguns and tequila." This has never been more appropriate to describe the current environment of network security. 

The healthcare industry sees 340% more attacks than the average industry. Healthcare companies continue to rank poorly in their overall cyber protection compared to other industries. This is concerning given the nature of the personal information and medical records that are maintained by the healthcare industry. The impact is compounded by the rapid digitalization of the industry as well as the increased value of the information.   

Even former President Barack Obama has been quoted as saying "The cyber threat is one of the most serious economic and national security challenges we face as a nation."

Misconceptions

Big data breaches such as Target, CareFirst BlueCross BlueShield, Ashley Madison and Anthem continue to receive the majority of the press coverage. It is a common misconception that these are the only companies being targeted. 43% of mid-sized companies have experienced a breach. Furthermore, almost one third of cyber-attacks occur at companies with fewer than 250 employees. The average cost of a cyber-attack on a small or mid-sized business is $188,242.

Another misconception relates to the sources of the breach. Companies typically believe the perpetrators are always hackers residing in foreign countries thousands of miles away. Companies can also be exposed by an employee of a facility, an outside vendor or a medical billing company. In fact, almost one third of companies indicate that an employee's negligence was the cause of a breach.

Exposure

How well are healthcare companies protecting themselves from email cyber threats?

Surveys show that cyber-attacks increase and decrease throughout the year. Companies therefore never know when attacks may occur, which makes it difficult to predict the breadth and severity of an attack. The only commonality is that the attacks continue to increase. Email continues to be susceptible to attack because of its ease of use and pervasive presence.

Information and the protection of confidential information are critical to maintaining profitability, regulatory compliance, public image and a competitive advantage in today's business environment.

HIPAA

Under HIPAA, fines for first-time violations can be up to $50,000 per incident per year and repeat violations can result in a $1.5 million fine. This has the potential to be financially significant for a portfolio company and to diminish returns for its private equity counterparts. It requires a diligent review of what has historically been conducted from a compliance perspective and a consistent review of programs and contracts on an ongoing basis.

Insurance

With the ever-growing exposures in this area, more and more companies are looking to insurance as a means to transfer this risk. The insurance industry has responded in kind by continuing to expand the breadth of coverage within a Cyber Liability policy to meet these demands. Policies can be structured to respond to various exposures, including the liability associated with a breach as well as crisis communication and support services. Policies can also be designed to cover business income and extra expenses associated with the breach in order to protect the income stream of the company should an event occur.


Scott Pachtman - Senior Vice President - Property & Casualty

Scott Pachtman leads a team in the Property & Casualty practice providing technical client advocacy, including analysis of clients' risks and exposures, insurance program reviews, coverage analysis, policy form review, mergers and acquisitions consulting and due diligence, and contract review. Mr. Pachtman also leads the Healthcare Risk practice group.

With over a decade of risk management and insurance experience, Mr. Pachtman served as Vice President for ABD Insurance and Financial Services (Wells Fargo) prior to joining Equity Risk Partners in 2009. Mr. Pachtman holds a bachelor's degree in risk management and insurance and marketing from the University of Wisconsin, and an MBA from San Jose State University. He also holds an Associate in Risk Management (ARM) designation.

Contact Information: spachtman@equityrisk.com
Phone: (312) 980-7859


Michael Marcon - President, HUB International and Founder, Equity Risk Partners

Michael Marcon has more than 30 years of insurance experience, pioneering the delivery of insurance due diligence to private equity firms and specializing in alternative risk financing and transactional insurance products. Before launching Equity Risk Partners, Mr. Marcon was Executive Vice President of Aon Risk Services - Mergers and Acquisitions Group, and he was instrumental in creating the Private Equity practice for Aon's predecessor company, Rollins Hudig Hall. He served as Regional Manager - Finance for Transamerica Corporation and held positions in Special Risk Financial and Capital Management for CIGNA Corporation.

Mr. Marcon holds an undergraduate degree in economics from Ursinus College (where he was the former chairman of the board of trustees) and an MBA in finance from Drexel University. Mr. Marcon tweets from @mcm7464 and can also be reached through his blog, Michael Marcon Tweets, where he writes about business, tradition, and life. 

Contact Information: mmarcon@equityrisk.com
Phone: (415) 874-7101