In 2015, hackers were at it again. On January 29, Anthem, Inc., the nation’s second-largest health insurer, was the target of a very sophisticated cyber attack. Hackers armed with a stolen password gained access to the Anthem database containing information on 80 million customers and employees. They stole massive amounts of data that included names, birthdays, medical IDs, addresses, income data, and Social Security numbers.
The massive data breach might carry an equally massive price tag. Anthem does have a cyber insurance policy written by AIG, Lexington, Safehold and Zurich, among others. But it only covers losses up to $100 million. As Anthem begins the task of notifying the 80 million people affected by the attack, this amount will not even be enough to cover the cost of postage, let alone cover damages due to the data breach. And Anthem will have to spend millions more to fix its security problems and rebuild its reputation.
The breach at Anthem provides a striking example for healthcare providers who run their own practices. Data breach insurance is a necessity these day when physicians maintain large databases of personal patient information. What seemed like a reasonable amount of coverage a few years ago might not be enough today. A data breach can negatively impact a physician’s reputation by causing patients to lose trust.
If hackers sell data or make it public—or even if it is made public by accident—a healthcare provider will need to hire a legal defense and public relations professionals as well as notify patients and the public. With hackers hitting everyone from Target to Citibank to the Department of Defense, physicians would do well to contact their insurance agents and update their data breach insurance.
The purpose of this article is to provide information, rather than advice or opinion.