If you're like most companies, you've got cyber liability insurance, and if you took your agent's advice, it's probably higher than the minimum. So you're covered, right? Wrong.
One way to determine your risk profile is to build it up from a baseline of zero. For example, you have a database of 20,000 clients/patients. You may have calculated the cost of a breach - notifying clients, the potential penalties, and the cost of remediation of the breach. These are quantifiable costs, and they are part of what your cyber insurance carrier has estimated. However, once you're past the fines and known costs, a larger, more ominous cost is still out there - civil litigation.
This past week, Cardiovascular Associates in Alabama was sued in a class action lawsuit, initiated by a single patient, for the breach of 441,000 patient records. The lawsuit seeks damages in a jury trial, and the potential settlement could be in the millions, far exceeding their likely cyber liability insurance limits.
While this example is for healthcare, it doesn't end there. ANY company can face a similar scenario. If you store customer, client, or patient data, you're vulnerable - not just to a cyber attack, but potential civil monetary damages as well.
So the next time you opt to skip a cybersecurity best practice like vulnerability scanning, training, or a general network security and risk assessment, you may want to consider the potential costs of that decision.
We're here to help with affordable and effective solutions.
If you have any questions or are concerned about your organization's cybersecurity, call us at (949) 474-7774. We'll be happy to help.
For more HIPAA information, download our ebook - The Ultimate HIPAA Compliance Handbook.
The HIPAA Security Rule requires implementing a security awareness and training program for all members of its workforce (including management). Have your team sign up for weekly HIPAA Security Reminder to help stay compliant.