Ambulance companies are exposed to multiple areas of potential loss on a daily basis. Some, like medical malpractice, are widely understood and insured against. But for other risks, like network breaches and privacy violations, some firms unnecessarily put themselves in danger of huge losses.
The ambulance industry is not alone in this regard – it is estimated that only about 2 in 10 small businesses have any cyber liability coverage at all. This is quite amazing, especially considering the daily news headlines telling of cyber crimes against all sorts of businesses and government agencies.
What if someone hacked into your computer network?
Every ambulance firm stores valuable data on its computers. If a hacker broke in, any number of nightmare scenarios could unfold. For instance, sensitive corporate information like non-disclosure agreements and confidentiality agreements would be available to the intruder. The hacker could extort the ambulance company by threatening to reveal the data to the world. And even if the criminal had no use for this particular content, the mere fact of a security breach would put the company in danger of being sued by the third parties whose data was exposed.
In a recent case in Georgia, a clerical worker at Emory Healthcare accessed digital files in a get-rich-quick scheme: The employee allegedly printed off copies of patients’ hospital bills and passed them off to a crime ring, which then allegedly used the data – including Social Security numbers and dates of birth – to file fraudulent tax returns in the patients’ names. The Atlanta Journal-Constitution reports that Emory mailed thousands of its patients a notification letter.
Another possibility is that a disgruntled, vengeful employee could use data for unauthorized purposes. Or maybe an employee with no ill will simply makes a mistake that leads to a data breach. Regardless of the motive and method, the ambulance company faces liabilities.
Typically, a network breach exposes hundreds or even thousands of records. The Ponemon Institute estimates that each compromised file costs the victimized company $214. By the time lawsuit and client notification expenses have been paid, the average hacking incident costs a whopping $7.2 million. But even if only one single file is exposed, lawsuits and other consequences can cost huge sums.
Possession of medical records creates potential land mines
Because the ambulance industry deals with medical records, there are additional liabilities. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides for civil penalties if patient medical data is compromised.
And, since society places particular importance and sanctity on medical privacy, a judge and jury in a lawsuit are likely to be much more sympathetic towards the individual whose medical records have been stolen than towards the company that was charged with safeguarding the records, even if the company itself was a victim of cyber crime.
Don’t just fear lawsuits – financial companies can levy their own penalties
Frequently, ambulance companies possess confidential financial information on patients too. This creates another layer of liability, and another potential source of punishment from a data breach. For example, if a cyber criminal steals payment information that includes credit card numbers, and then uses those accounts to make purchases, payment card industry (PCI) rules allow the bank which issued the credit card to both fine the ambulance company, and force it to pay for material losses.
Other dangers abound
There are other hazards to be aware of, too. Data storage on handheld computers, tablets, and laptops is common, but if the device gets lost, patient information is exposed. Furthermore, a typical ambulance company has paper files as well as digital ones. A negligent employee might lose paper files, triggering a legal crisis. Or, if paper files are archived by a third-party provider, and files get compromised, the ambulance company is still liable.
Any loss involving client data might also necessitate a rapid public relations response, which would be expensive.
Something as simple as a computer virus could lead to corrupted records or an inoperable network, resulting in a break of business continuity and lost revenue.
The good news: Business insurance offers protection
There is light at the end of this tunnel, though. For all of the scenarios outlined above, and for many others, business insurance can provide an ambulance company owner peace of mind. Unfortunately, most small business owners fail to take advantage of insurance products for cyber and privacy violation risks, and so remain vulnerable to potentially catastrophic fines, penalties, and lawsuits.