Medical Group Management Association
Join Now

Cyberinsurance is a good investment for healthcare organizations

MGMA Stat - May 10, 2018

Health Information Technology

In a May 8, 2018 MGMA Stat poll, healthcare leaders were asked if their organization had cyberinsurance. More than half of the respondents indicated that their organization has this coverage, which is often part of their malpractice insurance coverage.

Cybersecurity is a concern for every healthcare organization, regardless of size, so cyberinsurance can help reduce the financial impact of a data breach, along with providing other benefits. As Paul I. Berkley, FACMPE, MGMA member noted in a recent MGMA Member Community conversation about cyberinsurance, “Cyber coverage is offered by a number of major carriers. It protects against a wide variety of issues to include HIPAA violations, ransom attacks, or other related issues. The price for us seems to be reasonable.”

According to a 2017 Accenture survey, 26% of U.S. consumers have had their personal medical information exposed during a data breach. Furthermore, of those whose information was exposed, 50% stated that they were subject to medical identity theft, and were required to pay an average of $2,500 in out-of-pocket costs per incident.

For providers, cybersecurity will continue to be an issue in the years to come. In fact, according to a CynergisTek report, healthcare cybersecurity attacks – security incidents stemming from hackers – increased 320% from 2015 to 2016.

Now more than ever, patients are relying on their providers to keep their data secure, so it’s important to be proactive Is your organization taking steps to deal with cybersecurity risks and do you have cyber insurance to cover potential losses?
As you evaluate potential cybersecurity risks and assess cyberinsurance options, consider taking these steps:
  • Review your IT capabilities and how information is stored.
  • It is critical for providers to understand what’s covered in their policy and what’s not. Speak with your insurance broker about your insurance options. Nearly all cyberinsurance policies cover the costs of notifying those affected and the cost of a lawyer to serve as the data breach coach for a specific event. However, some policies do not cover the costs of preparing notifications for regulators or the penalties that those regulators impose, while others do not cover lost revenue or staff time.
  • Evaluate your incident response plan and make sure your staff is familiar with it. Also, consider how patients will receive care if your computer system is inoperable.
  • Benchmark coverage data. Coverage purchased by comparable organizations should be available from your insurance broker or carrier. You carrier should also have breach calculators to estimate the potential cost of a breach based on the number of records compromised.
  • As cyber threats evolve, it’s important to stay in contact with your broker to understand how these threats may affect your cyber-insurance policy.
  • Shop around. In the cyberinsurance conversation, Richard Hansen, MS, CMPE, MGMA member, suggested, “Obtain 3 quotes and compare them … I used an IT firm to help me evaluate the coverage and which companies to consider. The number of IT breaches in healthcare has increased. A modest breach could cost $1.5 to $3 million depending on the number of patients you have. Unfortunately, it's coverage I feel every group should have in this day and age.”
  • Your malpractice insurance carrier could be an option. As Jennifer White, CMPE, MGMA member, wrote in the cyberinsurance conversation, “Another vendor to look at for a quote is your malpractice carrier – they can be very competitive and depending on the size of your practice they may be able to include the cost in your renewal.”
Perhaps most importantly, as practice administrator Trudi Noppenberger, MBA, MGMA member, stated in the cyberinsurance conversation, it’s important for practices to have peace of mind. “I definitely recommend any practice buying cyberinsurance. It's just like all your other insurances – you hope to never use it, but if you have to, you have it in place. It is inexpensive, and well worth it as part of your security blanket.”

Learn more about MGMA Consulting
Learn more about MGMA Stat

Pamela Ballou-Nelson, RN, MSPH, PhD, CMPE
Principal Consultant
MGMA Consulting

Shopping Cart

Your cart is empty

Click here if your organization is tax exempt

A State Sales tax exempt certificate must be on file and taxable items cannot be ordered online. For immediate assistance during normal business hours of 7:00am to 5:00pm MT M-Th and 7:00 am to Noon MT on Friday, please call toll-free: 877-275-6462, ext. 1888



Use two letter code for US states
Use three letter code for country
Use two letter code for US states
Use three letter code for country
Use two letter code for US states
Use three letter code for country

Grand Total:
Saved credit card is required for opt-in to autorenew.

Questions? Contact the MGMA Service Center for assistance during checkout or review our return policy for more information.




Thank you for your purchase! If you purchased an event, you will be receiving a follow-up email from our Learning Management System regarding the product/event purchased and no further action is required.