From an insurance standpoint, I’ve not witnessed a more challenging year than 2020. The bushfires of 2019-20 shook us to our core, and then COVID-19 hit. The resulting uncertainty has made it extremely challenging for businesses to regain solid footing. Concerns about revenue streams, staff wellbeing, and future forecasts swiftly became, and continue to be, boardroom imperatives. As health providers begin 2021, now is the time to pause and check critical insurance blind spots*, particularly cyber.
Cyber Crime: Healthcare’s Blind Spot
While most businesses traditionally focus on the core structures of their insurance programs such as property, professional risks, and equipment, 2020 saw more complex risks arise as a result of blind spots. Often seemingly minor, ‘blind spot risks’ are not always obvious, but certainly becoming more frequent and damaging, particularly to balance sheets. One of the most common blind spots I witness in healthcare businesses, is cyber crime, estimated to cost Australians $300 million each year.
2020 also saw the first death recorded as a result of cyber crime; a shocking precedent, which may signal a trend of worsening attacks on the medical industry, especially hospitals. Last November, the ACSC (Australian Cyber Security Centre) issued a warning to Australian healthcare providers about the rise in similar incidents, and a recent report on ransomware in Australia identified health as the most targeted sector, ahead of Government, education, transport and retail (shown below).
Figure 1: Top sectors impacted by ransomware as reported to the ACSC FY 2019-20
Cyber Crime: What’s Your Response Plan?
While I see a vast array of medical facilities in my role, my priority question for each of them remains the same “Do you have a Cyber Response Plan?” – a query typically met with “No” or “I think we have a policy”. Alarmingly, operating without an official Cyber Response Plan is equivalent to leaving the doors wide open when you’re not home. Cyber criminals do not discriminate based on victim circumstances, and to be blunt, they do not care. Knowing full well it may endanger lives, hackers will go as far as locking a hospital’s operating system, and demand a financial ransom to unlock it.
Cyber Protection: Where to Start?
Having a Cyber Insurance Policy is a great starting point for healthcare providers, but knowing how that Policy will respond, and what it will respond to is critical.
While many insurance brokers and underwriters are quick to mention Cyber Insurance, I believe there’s never been a more critical time to elevate Cyber Policy conversations. For healthcare providers, cyber cover should be considered a business-critical inclusion in their broader insurance portfolio, as early in discussions with brokers as possible.
The onset of 2021 marks an opportune time to revisit all blind spots in your business insurance portfolio. A robust policy portfolio will not only help protect your business, your people, balance-sheet and reputation, but your patients too.
Please contact me for further support at any time, or contact your preferred medical cyber insurance specialist to establish a clearer understanding of your risks.
*Keep an eye out for insights on other insurance blind spots in our future publications.
We’re with you all the way
Head of Health & Medical
Discover more about how cyber insurance works in this case study on Australia’s education sector.
You can read more about the importance of cyber insurance here.