Rise in healthcare cybercrime leading to increase in practices taking out cyber-liability insurance

29th June 2021

By: Schalk Burger

Creamer Media Senior Deputy Editor

     

Font size: - +

The increase in cybercrime affecting the healthcare industry in South Africa is contributing to private practices turning to cyber-liability to protect themselves from data breaches and ransomware.

It pays for insurance brokers to assist clients with a cyber-liability policy, say Indwe Risk Services and MC de Villiers Brokers.

Cybercrime is on the rise in South Africa, with hackers often seeking out the health and banking data of medical practices.

"As hackers accelerate their attack, healthcare practices will need to improve their data security, especially now that many employees are working from home. They will also need to rethink their cyber-liability," the companies advise.

While cyber-liability is covered by most malpractice insurance policies, it is usually limited and contains exceptions. It is, therefore, a good idea to go for a comprehensive cyber-liability policy that covers hiring information technology experts to fix any data breach, paying a ransom to free hijacked data, compensation for loss of income from downtime or patients leaving the practice, hiring a public relations firm to handle bad publicity and hiring attorneys to deal with lawsuits filed by patients, as well as any damages awarded.

"The cost of a policy would depend on the size of the business, with an entry-level figure being around R2 000. Cyber-insurance may seem like an unnecessary extra expense, especially as doctors already pay such high indemnity fees, but not having it in place is simply not worth the risk," the companies say.

The more data is exchanged between practices, medical aids, hospitals and laboratories, the more vulnerable it becomes to cyber-attacks, they warn.

"Practices need to realise that even if they are not directly targeted, they can still be liable for data lost by a vendor or third party.

"Doctors should aim to work together with third parties like laboratories and hospitals to keep their patients’ data secure. It’s a shared responsibility; everyone involved has a duty to keep it safe," the insurance companies note.

"Cyber-criminals love targeting healthcare organisations because their databases contain patient names, birth dates, addresses, identity numbers, banking details and medical aid information. Often, smaller practices do not encrypt their patients’ information and, even if a laptop is stolen, it is a potential data breach.

"Other practices are under the false impression that data storage is the responsibility of their electronic health record (EHR) systems provider, so they’re not liable if anything goes missing or gets hacked. This is simply not true," the companies emphasise.

A smaller practice is not at lower risk of being targeted for hacking. Larger practices face greater risks and greater costs for cyber-liability policies, but smaller practices are often more vulnerable because they are mainly focused on treating patients, not ensuring they have the latest security measures in place, they add.

"The need to invest in cyber-liability cover is made more urgent by the Protection of Personal Information Act, which will be enacted from July 1. This law will bring South Africa up to date with other privacy legislation, such as Europe’s General Data Protection Regulation.

"Both emphasise the need to protect personal client data from loss, damage or unlawful access. The onus is on healthcare practices to implement reasonable technical and organisational measures to ensure the protection of their patients’ details.

"This involves identifying all internal and external risks, establishing the necessary safeguards and frequently updating them as new risks emerge," the companies say.

Edited by Chanel de Bruyn
Creamer Media Senior Deputy Editor Online

Comments

The functionality you are trying to access is only available to subscribers.

If you are already a subscriber, you can Login Here.

If you are not a subscriber, you can subscribe now, by selecting one of the below options.

For more information or assistance, please contact us at subscriptions@creamermedia.co.za.

Option 1 (equivalent of R125 a month):

Receive a weekly copy of Creamer Media's Engineering News & Mining Weekly magazine
(print copy for those in South Africa and e-magazine for those outside of South Africa)
Receive daily email newsletters
Access to full search results
Access archive of magazine back copies
Access to Projects in Progress
Access to ONE Research Report of your choice in PDF format

Option 2 (equivalent of R375 a month):

All benefits from Option 1
PLUS
Access to Creamer Media's Research Channel Africa for ALL Research Reports, in PDF format, on various industrial and mining sectors including Electricity; Water; Energy Transition; Hydrogen; Roads, Rail and Ports; Coal; Gold; Platinum; Battery Metals; etc.

Already a subscriber?

Forgotten your password?

MAGAZINE & ONLINE

SUBSCRIBE

RESEARCH CHANNEL AFRICA

SUBSCRIBE

CORPORATE PACKAGES

CLICK FOR A QUOTATION