Cyber liability

March 10, 2020
  • Has your front desk staff ever attached and sent the wrong file to a patient?
  • Are your vendors HIPAA compliant and are they properly protecting your patient information
  • What happens if the server that runs your EHR system goes down? Do you have coverage for that?​

Cyber liability coverage offers protection for network security and privacy-related exposures, such as lost or stolen laptops or theft of patient data.

Available limits

Physician: $100,000 per claim / $100,000 per policy period
Entities: $100,000 per claim / $500,000 per policy period
Higher limits — up to $3 million — are available for purchase.

Request a quote for higher limits.

Our cyber liability policy includes coverage for:

  • BrandGuard — coverage for lost revenue as a result of an adverse media report or customer notification of a security or privacy breach.
  • PCI-DSS Assessment — coverage for claim expenses, assessments, and fines imposed by banks and credit card companies due to non-compliance with payment card industry data security standard (PCI-DSS) or payment card company rules.
  • Proactive breach response costs — coverage for public relations expenses incurred in response to a privacy breach, but before the publication of an adverse media report, to mitigate the impact of such a report on the policyholder's reputation.
  • Voluntary notification — coverage for expenses incurred in notifying affected parties of a privacy breach where there is no requirement by law to do so.
  • Regulatory fines and penalties — coverage for administrative fines and penalties a policyholder is required to pay as the result of an investigation by a federal, state, or local government agency for a privacy breach (such as HIPAA, HITECH, and state or federal notification requirements).
  • Patient notification and credit monitoring costs — includes legal, IT forensic, public relations, advertising, call center, and postage expenses incurred by the policyholder to notify third parties about a breach. This coverage will also pay for credit monitoring for all affected parties.
  • Network asset protection — includes costs to recover and/or replace data that is compromised, damaged, lost, erased, or corrupted.
  • Multimedia — coverage for claims alleging copyright/trademark infringement, libel/slander, advertising injuries, and plagiarism.
  • Security and privacy — coverage for claims alleging liability resulting from a security breach or privacy breach, including claims alleging failure to safeguard personal information.
  • Cyber extortion — coverage for demands for funds under the threat of:
    • releasing confidential information of a third party;
    • introducing malicious code;
    • corrupting, damaging, or destroying policyholder data;
    • restricting or hindering system access (including denial of service attack); and
    • electronically communicating with patients or customers claiming to be the policyholder in order to obtain personal/confidential information.

Cyber extortion coverage pays for cyber extortion expenses, but expenses can only be incurred with LSA’s consent. Also reimburses cyber extortion funds paid (with LSA’s consent) to terminate the threat.

Coverage included with higher limits

  • Dependent business interruption — covers income loss and interruption expenses incurred if the computer system of an IT service provider or business process outsourcing provider goes down.
  • Cyber crime — covers losses incurred due to (1) wire transfer fraud; (2) fraudulent use of an insured telephone system; and (3) phishing schemes that impersonate your brand, products or services, including the costs of reimbursing your customers for losses they sustain as a result of such phishing schemes. Subject to $2,500 deductible.
Previous Article
Employment practices liability insurance

Next Article