It seems that we are alerted to another cyber breach almost every day. Some of the most recent cyberattacks include the Starwood, Marriott, Hyatt hotels; Oracle’s MICROS Point-of-Sale and Newkirk Productions, a service provider that issues healthcare ID cards. It is to be expected that the data breaches making headlines are those that are very large in scope and involve recognized companies.
What about the small-medium size business owners?
California law requires a business or state agency to notify any California resident whose unencrypted personal information, as legally defined, was acquired or reasonably believed to have been acquired by an unauthorized person.
The law also requires that a sample copy of the breach notice, when sent to 500 or more California residents, must be provided to the California Attorney General. A few of the most recent examples are stated here.
- Dr. John Gonzalez, a dentist in the Los Angeles area, had his briefcase stolen out of his locked car while it was parked at a commercial structure. In that briefcase was an external hard drive containing two different types of unencrypted patient data. In accordance with HIPAA rules, Dr. Gonzalez was required to send proper notification to all affected patients.
- Valley Anesthesiology and Pain Consultants, a provider of anesthesia and pain management services out of Phoenix, learned that a third party may have gained unauthorized access to the VAPC computer systems. Included in their breach notification was an offer of a free, one-year membership to Experian’s® ProtectMyID® Alert. VAPC is also taking steps to enhance the security of their computer systems, including reviewing security processes, strengthening network firewalls, and continuing to incorporate best practices in IT security.
- Bon Secours Health System, Inc., a Maryland based healthcare services provider, discovered that files containing patient information had inadvertently been left accessible via the internet by one of their vendors. They have since had to notify a countless number of patients as they are affiliated with; 19 acute-care hospitals, one psychiatric hospital, five nursing care facilities, four assisted living facilities, 14 home care and hospice services and more than 25,000 employees. Included in their required breach notification, Bon Secours offered a free, one-year membership to Experian’s® ProtectMyID® Alert. They are also are taking steps to enhance the security of their computer systems, including reviewing security processes, strengthening network firewalls, and continuing to incorporate best practices in IT security.
These examples are just a few of what has been recently reported where there has been no foul play yet these companies have to absorb the cost of proper breach notification as well as any related good will offers. There is also the cost of stepping up security measures and any related public relations expenses. Breach costs could exponentially increase due to fines, lawsuits and remediation expenses.
Cyber Liability and Cyber Protection seem daunting to the majority of us. The longer we and our business wait to implement protective measures, the farther behind we become in safety measures. Cyber insurance premiums are relatively low, but they will rise along with the number of breaches.
At The Armstrong Company Insurance Consultants, we take Cyber Liability very seriously. Contact us to talk with one of our experienced licensed representatives about Cyber Liability Insurance or any insurance need. We are here to work for you!