Two new one-pagers from US Health and Human Services aim to support healthcare organizations as they take steps to implement cyber insurance best practices today.
WHY IT MATTERS
“Cyberinsurance can help protect your organization against excessive costs that could occur in the event of a cyberattack,” the 405(d) program said in its Dec. 14 announcement.
The sources – one for smaller organizations and one for medium and large – explain why cyber insurance is an ongoing partnership between healthcare organizations and their insurers.
This allows healthcare IT specialists to learn the steps they need to take to continuously improve their organization's security, including how to think about their duty to defend and incident response planning.
THE BIG TREND
The HHS 405(d) program was created as a provision of the Cybersecurity Act of 2015 and the task force was initially convened with 150 individuals from government and healthcare industries.
More recently, the Cybersecurity and Infrastructure Security Agency and the Department of Health and Human Services released the Cybersecurity Toolkit for Healthcare and Public Health.
With the healthcare and public health sectors facing significant cybersecurity challenges, government and industry are working to close the gaps in resources and cyber capabilities. Since 2015, the discussion has shifted from whether a healthcare organization is attacked to when.
“We have seen a significant increase in the number and severity of cyberattacks on hospitals and healthcare systems in recent years,” said HHS Assistant Secretary Andrea Palm.
“The more often they occur and the longer they last, the more expensive and dangerous they become,” she said.
John Menefee, cyber risk product manager at Travelers Bond and Specialty Insurance, said Healthcare IT news in June, it emerged that insurance companies are getting better at helping healthcare organizations protect their infrastructure before threat actors strike.
ON THE RECORD
“If your organization falls victim to a cyber attack, cyber insurance can provide your organization with access to third-party breach specialists, including forensics, independent legal counsel working on your behalf, and potential reimbursement for loss of business coverage or revenue,” 405(d) said in the new source.
Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.