According to Jeff Meyers, VP of Operations for Meyers Glaros, an Indiana-based insurance firm and provider of cybersecurity insurance, “The cybersecurity threat is something that hangs over every company in America, but more recently has been impacting midsize businesses. While cybersecurity insurance is the new normal for risk-averse organizations, the monthly premiums can be tempered significantly by implementing the appropriate processes and procedures, employee training and robust security infrastructure to defend the organization.”
They see you as a business they will likely not have to pay out for because, in their eyes, you probably won’t suffer a cybersecurity incident. And if you do, the scope of the incident will be limited.
Security protocols such as encryption, transmission security, user authentication, and access controls are all required by HIPAA. All of these things limit the likelihood of a breach and can lower your insurance premiums. Audit logs, also a HIPAA requirement, facilitate the quick detection of breaches. HIPAA also requires incident response plans to be in place, allowing the organization to act quickly to mitigate the effects of an incident.
How Your Firm Factors In
Your healthcare client will expect you, as their trusted security advisor, to know what they need to do to meet cybersecurity insurance requirements. If your client has not met all HIPAA security requirements, this also provides an opportunity for you. They will need you to help them meet HIPAA Security Rule requirements so that their cybersecurity insurance coverage is valid.
Some services your healthcare client may look to you to provide include end-to-end encryption of protected health information (PHI), password management, penetration testing, and implementation of a zero trust security strategy.
Have you talked to your client about HIPAA and their cybersecurity liability insurance?