The coronavirus pandemic has encouraged many changes in the health-care sector, far beyond management of the disease itself. The emergence of telehealth as an attractive, practical option in a socially distanced world could permanently alter the way we provide and receive medical services. But like many medical innovations, tele-health also opens up a lucrative opportunity for cybercriminals.
Telehealth uses technology to digitally connect patients with their care providers, who can deliver advice, diagnoses and even some forms of treatment virtually. Practitioners can use these applications to create digitised notes, helping them meet standards for the upkeep of electronic health records. Telehealth has also spurred the development of ‘virtual rooming assistants’, which can admit patients into digital exam rooms and note medical histories, improving the e ciency of providers.
As businesses take advantage of the benefits of telehealth, they may be unaware that they also face an increased risk of cyber liability. The digital transfer of information between patient and provider, followed by the online storage of healthcare data, can be a tempting draw for cybercriminals.
Theft of healthcare records is arguably the most lucrative form of cybercrime; a healthcare data record can be valued at up to US$250 on the illegal market. By comparison, a payment card is valued at just US$5.40, according to Trustwave. This highly personal information can be harvested and sold to forgers, human traffickers or those looking to exploit it for a ransom.
There are a few crucial ways that health-care providers can combat this threat. Businesses should check their networks for vulnerabilities and ensure that any home devices, in particular, are up to date with the latest firewalls. Any device that is using Windows 7 should be prioritised for an update, as the discontinued operating system is no longer off ering security updates and is at greater risk of viruses and malware.
In addition, one of the most effective tools to prevent cyber incidents is cybersecurity education. The rise in COVID-19-related phishing emails offering in-demand items, including N95 masks and ventilators, could be stymied by training employees on what to look for to avoid an attack.
Mitigating the damage if a cyberattack occurs is also imperative. Cyber insurance coverage can include emergency response tools and training resources to reduce the impact of a breach on a provider’s bottom line, and it can be conveniently packaged with professional and general liability policies. Packaging cyber coverage with other types of insurance minimises the chance that a claim falls uncovered into the cracks between insurers.
When comparing cyber coverage, health-care providers and their brokers should keep in mind that endorsements and add-on coverages, while more cost-effective, are not typically designed to provide the full breadth of cyber protection. Look for an insurer that has expertise in both cyber and health-care liability, and when discussing coverage, ensure that the services and operations planned over the policy period are clearly communicated to obtain suitable protection. As a result of COVID-19, insurers are looking to limit their exposure to similar large-scale events, so it’s also important to review communicable disease exclusions to determine the types of claims and loss amounts a policy covers.
The pandemic has revealed our capability to adapt, evolve and triumph under immense pressure, and the healthcare industry is a perfect example. Even when some businesses return to brick-and-mortar locations, virtual services will continue to be a source of revenue for healthcare providers and will remain a convenient choice for patients. The pervasiveness of telehealth will depend on the willingness of health insurers to reimburse for visits over a virtual platform and, ultimately, on providers’ commitment to protecting themselves and their patients by minimising cyber risks.
Alicia Marsiglia is vice president and allied healthcare product head for Hiscox USA and a Hiscox partner. She has 14 years of professional liability experience, primarily in healthcare lines product management.