Skip to main content
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Digital Health
    • Transformation
    • ESG
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • Newsletters
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Insurance
February 05, 2015 12:00 AM

Anthem hack will shake up market for cyber risk insurance

Adam Rubenfire
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    The cyberattack on Anthem, which affected 80 million people, likely won't do immediate financial damage to Anthem's bottom line because it had cybersecurity insurance coverage, J.P. Morgan Securities analyst Justin Lake said Thursday.

    What the attack will do is impact the market for such cyber security insurance for healthcare providers, payers and others. Small and medium-sized healthcare organizations that have not considered such coverage may now do so, while insurers will be re-evaluating underwriting standards and likely premium levels in the wake of the Anthem attack, insurance experts said.

    Larger healthcare institutions can purchase cybersecurity coverage in excess of $100 million, in some cases for as high as $300 million to cover the costs associated with recovering from an attack, said Evan Fenaroli, cyber product manager at Philadelphia Insurance Companies, which has clients that include small physician practices and regional health systems. His average healthcare client has a $1 million policy, but the company can write policies of $5 million to $10 million.

    Premiums for a $1 million plan are generally $5,000 to $10,000 annually, though that can vary based on several factors, including the company's revenue, cyber-risk management efforts and the coverage chosen, Fenaroli said. For hospitals, premiums can be much larger—sometimes more than $100,000 or even $1 million for larger health systems, he said.

    Larger organizations are more likely to purchase coverage than smaller ones, he said, because they often have access to risk managers, in-house IT security and sophisticated insurance brokers. Smaller companies, like physician practices and local clinics, don't have access to these resources and are less likely to recognize their vulnerabilities and so see coverage as too expensive or unnecessary.

    “However, as data breaches continue to be publicized in all industries, we are seeing more of the small and mid-sized organizations actively seek out this coverage,” Fenaroli said.

    Most policies provide broad coverage for what constitutes a privacy breach, Fenaroli said, whether it stems from a hacker, unauthorized access by an internal rogue employee or a laptop that was lost or stolen and gotten into the wrong hands. Optional coverage can include underwriting for costs or lost revenue associated with a denial of service attack, in which a network is made unavailable to users, or for cyber extortion, where hackers access a network and demand a ransom in exchange for not stealing data (a lot of companies would rather pay the ransom and make the problem go away).

    Some of the largest healthcare breaches have been handled by Beazley, which underwrites cybersecurity coverage, but also contracts services that include forensic analysis, customer notification, call center operation, credit monitoring and crisis communications. The company also has an internal team of lawyers that advises clients and represents them in class action lawsuits.

    The cost of insurance coverage and breach response is minimal compared to the legal and regulatory costs associated with a massive attack that can wreck a company's coffers if the response isn't adequate, said Katherine Keefe, global head of British insurer Beazley's breach response team and a former deputy general counsel for Philadelphia-based Independence Blue Cross.

    “You're making a meaningful, legally compliant breach response that lessens the chance down the road of class action and regulatory compliance issues,” Keefe said.

    Mac McMillan, a healthcare security expert and founder of CynergisTek, an Austin, Texas-based security consultancy, said he'd heard a steep estimate of $100 million on the Community Health Services hacking incident last year in which 4.5 million records were compromised.

    Cybersecurity insurers have yet to address coverage for intellectual property theft because it's hard to determine the value of ideas and trade secrets, said Fenaroli. Devicemakers and pharmaceutical companies are in particular trouble in this regard, since they spend billions of dollars on research and development.

    “The number would be potentially so high that it really wouldn't' be insurable,” Fenaroli said. “But I think that's something that the insurance industry as a whole will evolve to provide some kind of coverage.

    Chinese hackers who infiltrated CHS' computer network last year were believed to be looking for intellectual property on medical devices and other equipment, but instead stole data on patients who sought care from its physician practices, the company said in August.

    Any large, well-publicized breach such as the one that struck Anthem will affect the market for cybersecurity insurance, Fenaroli said, by influencing coverage terms, making underwriting requirements more stringent and increasing coverage prices, especially for healthcare companies as the industry sees more large-scale breaches. Such has been the case in the retail industry following major attacks on Home Depot and Target.

    “What was acceptable five years ago is no longer going to be adequate protection from these types of attacks,” Fenaroli said. “That's the challenge we as underwriters face, and the challenge the industry faces.”

    Follow Adam Rubenfire on Twitter: @arubenfire

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    surprise-billing_0.png
    SCAN, CareOregon help erase $110M in medical debt
    diversity2_i.png
    How Connecticut's Broker Academy targets health disparities
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Daily Finance Newsletter: Sign up to receive daily news and data that has a direct impact on the business and financing of healthcare.
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Digital Health
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • ESG
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • Newsletters
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Jobs
      • People on the Move
      • Reprints & Licensing