Cyber
What is cyber insurance?
Cyber liability insurance protects you when your computer systems, software, hardware, cloud storage, etc. is compromised. A properly structured policy will provide cyber liability both 1st Party (damages to you & your business) losses and 3rd Party (damages to customers, employees, and any member of the public) losses; as well as cyber crime should a bad actor steal money from your business account.
Damaged computer server
A damaged server containing personal information of employees and patients prevented a physician from effectively operating his practice. Under the NAS cyber policy's Network Asset Protection agreement, the physician was able to receive reimbursement for IT-related expenses to rebuild and restore the server, as well as personnel time to recreate the electronic records.
Online posting of unauthorized photos
A physician posted unauthorized photos of several patients on her website that were identifiable by name. There have been 15 invasion of privacy actions against the physician to-date, with several settling in the range of $150K per plaintiff. $1,400,000 paid
Employee stole patient identities & credit card information
An employee of a doctor stole the identities of multiple patients and made credit card purchases with the stolen information. The doctor became aware of the breach when the employee was arrested. Local and federal law enforcement later advised the doctor that the identities of 5 patients, and approximately $10,000, had been stolen by this employee. Two of the patients filed a lawsuit against the doctor in connection with the identity theft. The patients alleged that the doctor failed to prevent the unauthorized access of their credit card information. The patients sought compensatory damages and emotional distress damages. $55,000 paid
Stolen physician's laptop
A physician suffered a burglary at his residence and his work laptop was stolen. The laptop had his entire 15 doctor medical group's patient database on it comprising 57,000 records. Unfortunately, the laptop was not encrypted. Legal counsel was appointed to determine notification requirements and manage the response process. Counsel worked with the Insured's IT department to determine that there were 37,000 unique identities on the laptop. The medical group was also required to publish a notice of the breach on their website and in the local media. Additionally, the group was required to notify the Office of Civil Rights of the breach, which led to a Department of Health and Human Services investigation. The Office of Civil Rights required a complete submission from the medical group outlining how they were in compliance with the various provisions of HIPAA. Counsel worked with the medical group to show proof of strong privacy controls and training procedures resulting in the DHHS closing its investigation. $44,000 paid
Right coverage. Right choice. Every time.