As the nation’s baby boomers age, retirement communities and nursing homes are expanding. These senior living facilities often emphasize physical security as one of the main benefits they can provide to potential residents and their concerned families.
Frequently, however, senior living facilities have no plan in place to protect themselves or their residents against cyber attacks. This is in part, no doubt, to the subtlety of a cyber event. Criminals who electronically steal credit card numbers or health records do so largely undetected and miles away from the location of the data. In fact, an attack can go unnoticed for months or years – until the data is actually used and the owner of the data has suffered harm.
Because senior living facilities usually offer a broad range of services, they typically possess a large and varied collection of data on residents. This data might include Social Security numbers, credit card information or bank account information (for billing purposes), and credit reports.
One of the biggest liabilities, though, is the facility’s housing of medical records. Nursing homes must possess medical records by necessity, but even active living communities for seniors sometimes have on-site medical services that require record keeping.
Medical records are particularly problematic because not only do they contain a wealth of data that cyber crooks value (to file fraudulent tax returns, for example), but they are deeply personal. Stringent laws and regulations require a high level of privacy and govern how medical records are handled – the federal Health Insurance Portability and Accountability Act (HIPAA) being the most prominent.
State laws and agencies also impact the senior care industry. The California Department of Public Health, for example, has been extremely diligent about the protection of personal information. According to the Workplace Privacy, Data Management, and Security Report, in just six months of 2010, California levied nearly $1.5 million in fines against hospitals and nursing homes for failure to protect data. One facility was fined $250,000 for not preventing the theft of hundreds of patient records.
Furthermore, when a hacker compromises a resident’s medical, financial, or other personal records, the resident will have strong legal ground in a lawsuit if the facility is deemed negligent in exercising a duty of care to safeguarding those records.
A good cyber insurance (also known as Internet insurance) policy begins with third party and first party coverage for the loss of or damage to the digital data. There are numerous other expenses that cyber liability insurance will pay for, too, including the cost of digital forensics and mandated notifications to victims. A list of some of the more common expenses incurred from a data breach can be viewed at our Cyber Insurance Basics web page.
The premium cost for a cyber insurance policy can range from a few thousand dollars for a $1 million policy limit to hundreds of thousands of dollars for very high policy limits. Over the past ten years, INSUREtrust has written more than $100 million dollars in
premiums and paid more than $30 million in claims. Insurers are looking for business and we can find competitive pricing and terms for any risk.
Like all insurance, there is an application process that can be cumbersome. However, INSUREtrust has put together a simplified application that is accepted by many of the leading insurance companies. Call us – we can walk you through the process and make it easy.