Get instant
small business insurance quotes

Home > Professional Liability/Errors & Omissions Insurance > News

Insurance coverage necessary for health care data breaches


It is crucial for hospital staff and businesses to prepare for compliance with federal privacy rules in case of data breaches. These rules include provisions set out by the Health Insurance Portability and Accountability Act, which establishes guidelines for health care providers on safeguarding electronic protected health information.

Health systems are responsible for both financial and medical data, meaning strong security protections are necessary in order to stop cybercriminals from infiltrating databases and illegally accessing confidential information. When a breach in security systems at hospitals, private practices and other health care organizations happens, it could open patients up to medical identity theft or other fraudulent activity. In the event of a data breach, health care systems covered by HIPAA are required to notify affected individuals of the breach as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, according to the Department of Health and Human Services (HHS).

This was the case of AHMC Healthcare, which is based in California, Health IT Security reported. AHMC Healthcare announced it experienced a data breach after two laptops with patient data were stolen from its offices on Oct. 12. Approximately 729,000 patients who received medical attention from six hospitals operated by AHMC Healthcare may have been affected by the breach.

Personal information that may have been exposed after the theft includes patient Social Security numbers, Medicare and insurance identification numbers and other information regarding insurance payments. While the health care provider had security protocols in place to deter theft, including having video surveillance set up along with positioning guards around gates, it was not enough to protect valuable data.

Benefits of insurance after medical data breaches
Since criminals often look for valuable information to steal or seek out opportunities in which systems are unprotected, and as it becomes increasingly digital, the health care sector is one of the most vulnerable to cyberactivity. If health systems are taken to court for HIPAA violations, business insurance can help ensure they are covered for costs they may incur as the case goes on. Major data breaches are also likely to attract attention from HHS and may result in a fine.

This insurance includes professional liability insurance that covers data breach and other cyber-related activities that could result in a lawsuit. Risks include virus infections or data breach incidents when customer data is lost or stolen. Costs that health systems may be reimbursed for include costs of defense, lawsuit settlements and even lost income from having to spend time in court. Insurance coverage also helps pay for credit monitoring services for patients that may be at risk of medical identity theft. 

WHY Business Insurance Now?

Learn why thousands of small businesses trust Business Insurance Now as their insurance agency.

Take 15 minutes to see how we can help you protect your business.

  • FREE, no-obligation quotes.
  • Complete one online application to compare multiple quotes.
  • Fast response—typically less than 24 hours on week days.
  • We are a nationwide insurance agency covering 48 states.
  • We work directly with you to evaluate your insurance options.
  • We only work with the top business insurance carriers in the country.
  • Expert, licensed insurance agents to guide you through the process.