With increased patient mortality rates for 23% of organizations hit by cyber attacks, the looming threat of medical malpractice claims far outweigh any other costs.
- Healthcare providers are increasingly being targeted by cyber criminals for patient data, causing disruptions to hospital operations and an increase in patient mortality rates.
- 57% of surveyed organizations experienced poor patient outcomes and nearly half had increased complications from medical procedures due to cyberattacks
- Cyberattacks are costly, with the just one attack, on Universal Health Services in 2020 costing $67 million when a cybersecurity incident caused ambulance traffic diversion and scheduling of patient procedures at other facilities
- A Ponemon Institute study surveyed 641 healthcare, IT and security practitioners, finding that 89% of organizations had a cyberattack in the past year, with an average of 43 attacks per organization.
- Common cyberattacks, including cloud compromises, ransomware, supply chain and business email compromises, led to increased patient mortality rates for 23% of organizations, costing $4.4 million, including $1.1 million in lost productivity.
The Ponemon Institute study, that was conducted in 2022, revealed that over 20% of healthcare organizations reported increased patient mortality rates following a cyberattack.
The study also indicated that delayed procedures and tests, as well as longer patient stays, were the most commonly reported consequences of cyberattacks. Ransomware attacks had the most significant impact on patient care, with 64% of organizations reporting procedure or test delays and 59% reporting longer patient stays.
Healthcare providers are increasingly targetted due to the wealth of sensitive patient data they hold, leading to attacks that disrupt hospital operations and patient care. For example, a cyberattack at Tenet facilities in April 2020 disrupted acute patient care, while Universal Health Services experienced a similar incident that cost the chain $67 million in the same year.
Cyber attacks disrupt hospital operations and patient care leading to increased mortality rates for many healthcare providers.
The most common cyber attacks were cloud compromises, ransomware, supply chain attacks, and business email compromises, which resulted in increased patient mortality rates for 23% of the organizations. The study found that cyberattacks led to poor patient outcomes for 57% of those surveyed, with almost half reporting increased complications from medical procedures.
The cost of the most expensive cyberattack experienced in the study averaged $4.4 million, with $1.1 million in lost productivity. The study recommended organizations implement training and awareness programs, as well as employee monitoring, to mitigate the risk of attacks, as careless and negligent employees pose a significant threat.
Far-reaching effects on the healthcare industry
The consequences of cyberattacks on healthcare organizations could have far-reaching effects on the industry, potentially leading to a loss of patient trust, damage to reputation, and increased medical malpractice claims.
With increased awareness of cybersecurity risks, patients may hold healthcare organizations responsible for failing to adequately protect their sensitive information. Furthermore, cyberattacks can lead to delayed or improper medical treatment, which could result in medical malpractice claims if the patient is harmed as a result.
In light of these risks, the importance of cyber insurance cannot be overstated.
Cyber insurance can help healthcare organizations mitigate liability by providing coverage for losses resulting from cyber incidents, including those arising from data breaches, business interruption, and liability claims. Insurance companies can also help clients reduce risk by providing risk assessment and mitigation services, such as employee training and awareness programs, and security monitoring.
The healthcare industry faces significant challenges in protecting sensitive patient data from cyber threats. Healthcare organizations must prioritize cybersecurity risk management to prevent disruptions to hospital operations, poor patient outcomes, and increased medical malpractice claims. Investing in cyber insurance and risk mitigation services can help organizations reduce liability and protect against the financial and reputational damage of cyberattacks.
insurance for allied health care
insurance for hospitals
Hospital Insurance typically covers all or part of the potential liability for hospital services. It includes medical malpractice, accidents involving hospital employees and equipment, care during surgery or any other invasive treatment, after-hours care arrangements by staff who need help with their children and more.
insurance for long term care facilities
Long term care facilities must protect themselves against potential liability arising from incidents within their facility. Westwood can help you negotiate a package tailored to your long term care facility client.
insurance for medical providers
traditional insurance products
Westwood have fostered exceptional relationships with underwriters and we go to great lengths to keep abreast of their latest products, changes in requirements and restrictions, including having weekly calls with the carriers, which you can see here, by joining our insurance insider group.
- Professional Liability Insurance (Medical Malpractice Insurance)
- General Liability Insurance
- Business Owner’s Policy (BOP Insurance)
- Excess and umbrella coverage
- Cyber Liability Insurance
- Telemedicine Malpractice Insurance
- Commercial Property Insurance
- Commercial Auto Insurance
- Directors and Officers Liability (D&O) insurance
- Sexual Abuse & Molestation (SAM) insurance
- Workers’ Compensation Insurance
- RAC Audit Coverage
- Errors & Omissions Insurance
- Employment Practices Liability
- Environmental Liability insurance
- HNO Insurance
- Fully/Partially Funded insurance
- Crime Insurance
Westwood President, Michael Richards has extensive experience in setting up alternative structures for larger clients. Here are some examples:
- Starting a Single Parent Captive (Pure captive)
- Joining a Protected Cell Captive (Segregated Cell)
- Micro Captive Insurance
- Group Captive Insurance
- Risk Retention Group (RRG)
- Special Purpose Vehicle (SPV) Captive
- Stand alone ERP (extended reporting period)
- Loss Portfolio Transfers (LPTs)
If you think your client could be large and stable enough to benefit from starting or participating in a captive or has a special need for another alternative structure, contact Michael Richards now by phone: 855 351 7487.