The Importance of Higher Limits on Cyber Insurance

The Importance of Higher Limits on Cyber Insurance

We recently read an article from Medical Economics, emphasizing the prime reason small practices need higher limits on Cyber Insurance. Please feel free to review the information we found beneficial, and share it with your small business clients. 

Sohan Dua, M.D., received the bad news in a phone call one morning in February 2017: his practice had been hacked.

The Electronic Health Record  (EHR) system shared by Dua and his wife, Kiran Dua, M.D., had been breached and hackers were holding their patient data for ransom. That attack sent the couple, who practice in Northridge, CA, on a protracted and painful experience that cost their separate practices time, money and service interruption.

Dua, a Nephrologist, never thought he and his wife, a Primary Care physician, would join the ranks of healthcare providers and organizations that have suffered crippling cyber attacks. Luckily, their losses were at least partially covered by the combined $100,000 cyber coverage they had through their medical malpractice insurance carrier. The insurance carrier also provided the Duas with a team of experts to help in the recovery from the attack.

However, even with that assistance, the Duas’ practices were forced to shut down for several months while they dealt with the attack. “We still don’t know how much money we lost,” Dua said. “We lost patients, too.”

The growing threat of being hacked has more Primary Care physicians buying Cyber Insurance. But what those policies cover, how they work, and how much they cost are mysteries to many healthcare providers, most of whom are only familiar with malpractice and business insurance.

What Cyber Insurance Does

Cyber Insurance covers losses and damages resulting from patient data being stolen, exposed, held for ransom, or improperly shared. It covers deliberate actions, such as hacking or ransomware, as well as accidents, such as a lost laptop containing unencrypted patient information or a coding error that accidentally exposes patient data.

A comprehensive policy will cover paper records as well, since large amounts of information are still stored in physical files. Cyber Insurance helps providers deal with the consequences of data breaches, which can range from relatively minor to catastrophic. The assistance provided can include:

  • Paying regulatory fines and penalties
  • Compensating for loss of income from downtime or lost patients
  • Hiring IT experts to find and fix the breach
  • Hiring a call center to handle inquiries from patients
  • Hiring a public relations firm to deal with unwelcome publicity
  • Hiring attorneys to represent the practice in any lawsuits filed by patients (as well as any damages awarded)
  • Paying ransom to free hijacked data.


In short, it covers almost any loss or expense that can be attributed to the data breach.

For example, the Duas’ coverage helped them when they were forced to write off tens of thousands of dollars in uncollected billing due to unrecovered patient payment records, a loss that Dua estimates at $40,000 to $50,000.

A complete policy includes first-party and third-party coverage. First-party coverage pays for damages suffered by the policy holder, such as lost revenue, business interruption, IT forensics and data restoration. Third-party coverage compensates for damages caused to others by the data breach, such as the legal costs incurred from lawsuits filed by affected patients.

Practices that haven’t bought Cyber Insurance often have some coverage through their malpractice or general business policies, but it’s usually limited to about $100,000 or less in damages and contains exemptions.

How Much Does It Cost?

The cost of a Cyber Insurance policy varies, depending on the carrier, the size of the practice, and the extent and amount of the coverage, experts say. The larger the practice, the greater the risk and the more it can expect to pay.

The good news is that Cyber Insurance is less expensive than malpractice and liability insurance. A typical five-physician Primary Care practice should have at least a $1 million umbrella cyber policy.That coverage could cost anywhere from $1,200 to $5,000 a year.

A Team Response

When shopping for Cyber Insurance, practices should investigate exactly what help they will receive in case of a breach. Unlike a fire, managing a data breach often requires the help of a team of experts, not just a check to cover damages. Depending on the nature and size of the breach, that team can include lawyers, forensic accountants, IT experts, publicists and call center operators, among others.

Besides the coverage itself, the real benefit of Cyber Insurance is being able to turn over management of the crisis to a carrier with experience in data breaches. Once an insurer is notified by a policyholder of a breach, the situation is assessed and a decision is made on the corrective actions that need to be taken to prevent further damage and deal with the aftermath. The insurer hires vendors and contractors to provide the necessary services.

For example, a lawyer will handle HIPAA notification, while IT specialists locate and fix the breach and a PR firm writes the notification to patients whose data has been affected. The decision whether to pay ransomware is up to the practice, but the insurer typically recommends a course of action and handles any payment, if one is made.

In the Dua’s case, their insurance provider, The Doctors Company, employed a computer forensics company to determine the extent of the breach and a law firm that specializes in privacy issues to determine if HIPAA notification was required. “They were a lot of help,” Dua said. “We did not know how to handle everything that needed to be done.”

Electronic Health Records  And Partners

Patient data is exchanged between practices, insurers, hospitals, and labs every day. The more places data is stored, the more vulnerable it is to attack and accidental disclosure. Even a practice that is not targeted directly can be liable for data lost by a partner or vendor. For example, in April, the state of New Jersey levied a fine of nearly $418,000 against Virtua Medical Group, a physician network, after a vendor error left the records of more than 1,650 patients visible online.

Many data breaches are going to involve EHR systems, and while the electronic records providers usually work with IT experts to find and fix the breach, it does not mean the vendors are legally or financially responsible, experts say. Many practices expect their EHR system to handle breaches or pay for damages and that’s not always the case.

Small Does Not Equal Safe

Healthcare data breaches are rampant. In a 2017 survey by the AMA and Accenture, 83 percent of physicians reported experiencing some sort of cyber attack, though not all resulted in breaches. Cyber criminals target healthcare organizations because their data contains patient names, birth dates, addresses, social security numbers, credit card numbers, and health insurance information.

Whether the hackers use the information themselves or sell it to others on the black market, stolen identification and fraudulent activity is committed. That is why healthcare data is more valuable than even credit card records.

Physicians in small Primary Care practices who think they would not be a worthwhile target for hackers should look at the U.S. Department of Health and Human Services (HHS) list of reported breaches of healthcare information.

Among the giant health insurers, government agencies, and large hospital systems, are medical practices that found out the hard way that they, too, can be targeted: a multiple physician Cardiology practice in Knoxville, TN.; a solo Primary Care physician in Weston, FL.; a solo Internist in Scottsdale, AZ.; and many more.

In fact, a practice might be targeted specifically because it is small. Attacks on small practices were uncommon five years ago, but that is no longer the case. Some hackers will test and refine their methods on small practices before going on to attack larger targets, such as healthcare systems. A new kind of attack is occurring, an attack which isn’t after a practice’s data or patient information, but rather the  computing power to earn digital currency. Attackers have hijacked practice servers  for pseudocurrencies, like Bitcoin. Users might be unaware that the reason their computers are operating so slowly is that they’re running the complex calculations to reap the currency. This goes to show that the motivation to attack small businesses will always be there. For those that say they haven’t been targeted, they simply haven’t been targeted yet.

If you need further information about Cyber Insurance, click here.

HPSI Access to Centurion in California

Centurion Medical Liability Protective Risk Retention Group is expanding to California…& HPSI is the wholesale broker to gain access to it in the Golden State!


According to recent reports, California is one of the top 6 states in the US that has the highest medical malpractice payouts, even with the establishment of MICRA. Centurion is stepping up to the plate to offer their competitive rates, great policy features and a company claims philosophy that is physician friendly!

Physician owned and operated, Centurion was founded on two key principles – to develop a quality product that is affordable and above all else to aggressively defend its physician insureds.

Competitive Rates  

“A” Rated Reinsurance from A.M. Best

Aggressive Litigation

Great Coverage Options


Policy Coverage Features:

  • Claims Made coverage for both Physicians & Allieds
  • Up to $1M/$3M policy limits for California healthcare providers
  • Prior Acts Coverage
  • 12 + years of successful operating history
  • Part-Time & Slot Policies
  • Healthcare Facilities
  • Stand Alone Tail Coverage
  • Death, Disability, and Retirement Benefits
  • New Doctor & Claims-Free Discounts
  • Medical Board Defense Coverage – up to $25,000
  • Regulatory Proceeding Coverage – up to $25,000
  • Cyber Liability Coverage – up to $25,000

Contact the HPSI Team today to secure a quote for your Insureds in California.

HPSI Announcing Exclusive Wholesaler Access to PCA in Michigan

Committed to offering high quality insurance at the lowest reasonable cost, Professional Casualty Association (PCA) is now expanding to offer their products in the Great Lakes State of Michigan.

The same great service they have been providing in Pennsylvania for almost 15 years is now available through us at HPSI as their exclusive wholesaler.

Known for their competitive pricing, physician friendly claims philosophy, and armed with a few key staff members experienced in the Michigan Market, they are geared up to bring their brand of service to the Michigan health care community.

PCA highlights include:

  • • Coverage for physicians all specialties and allieds including midwives and CRNAs
  • • Claims-made limits of $100,000/$300,000  –  $200,000/$600,000  –  $500,000/$1,000,000
  • • Broad Coverage form – Defense Outside & Incident Sensitive
  • • DD&R
  • • Physician’s full Consent to Settle
  • • ERP & Tail Options
  • • Specialized Risk Management and Claims Management Services
  • • White Glove Service
  • • Retroactive coverage & stand alone tail negotiable

Help Your Clients Stay Up To Date With Remote Healthcare Services

Telemedicine: The New Form of Check Up

Telemedicine is expanding. With the hospital industry embracing telehealth technologies, it has vastly outgrown its initial startup as a way for remote area patients to obtain access to the various benefits of big-city healthcare. According to USNews, over 20 states are now mandating reimbursement for telehealth services. Overall volume has increased along with the type of services offered via telemedicine. It has the potential to not only decrease spending but increase revenues, increasing its attractiveness to all types of healthcare providers.

However, this rapidly expanding sector comes with its own risks alongside those rewards. Its reliance on real-time data can consequently create a double-edged sword effect. While it increases the provider’s effectiveness, it also generates further professional liabilities when patient results deviate from the norm; i.e. in situations where something unplanned happens in regards to the patient, or when the medical provider fails to notice a change in patient results. Full disclosure and informed consent are key to mitigating these circumstances.

Critical questions the provider needs to be aware of according to our Carriers:

  1. If a liability claim arises, in which state will they defend themselves?
  2. Is the service HIPAA compliant?
  3. Is the provider licensed in the state the patient is in?
  4. How can they verify treatment recommendations?

These are just a few factors to be aware of when seeking coverage for this risk.

Have any questions? Do you know of a client who needs this coverage? With our expertise, here at HPSI, we can help your client get the coverage they need.

Contact your agent at HPSI today!

Put Your Clients’ Minds At Ease, Help Protect Their Tails

Stand-Alone Tail Policies
Unlimited Stand-Alone Tail Policies  For Individuals or Large Institutions
With increasingly mobile careers, physicians and groups need an affordable tail policy to cover past exposure. Let HPSI Market your account. With access to NORCAL Mutual’s Surplus Lines Carrier (PMSLIC) and other advantageous “A” Rated Carriers, your clients can relax knowing their past services are well protected.
  • • Competitive Pricing
  • • Unlimited Tail Options for Individual Physicians, Groups, Allieds and Large Institutions
  • • 48 Hour Turn-Around Time on Simple Risks
  • • Available in 47 States Including DC
Getting a Quote or Indication – What We Need From You:
  • • Dec Page, Current Loss Runs, Key Endorsements, No COIs
  • • The Current Tail Offer
  • • Limits Requested
Did you know? HPSI can market your non-medical related E&O Stand Alone Tails!
Contact one of our agents today at HPSI for more details.

Latest News on Marketplace Changes – Roles of NPs and PAs Continue to Grow

In recent years, health care has seen the role of ancillary/allied medical professionals continue to grow and expand. Along with these increased responsibilities in care, there has been an equal rise in risk exposure. With this change in business operations, more and more of these professionals are in need of medical malpractice insurance coverage. AANP, the American Association of Nurse Practitioners, has tracked the legislation by state in regards to a NP’s practice (click their map below).
It seems AANP is not the only one to notice the growth in this sector. USA Today did an interesting analysis using data from AANP and other trade organizations. Here are a few excerpts below:
“Nurse Practitioners and Physician Assistants are a fast growing part of the medical marketplace. Medicare billing records show 15% more Nurse Practitioners and 11% more Physician Assistants received payments in 2013 than in 2012 for all types of care. During that same year, the number of General Practice physicians paid by Medicare for the elderly and disabled dropped by 5%. Experts say this reflects the rising influence of non-physician caregivers in a changing health care system beset by doctor shortages and now taxed even more by a growing number of patients gaining insurance through [the Affordable Care Act].  It also shines light on the high-level of care that NPs and PAs have been providing for many years. Until now, that’s been largely under the radar, but is revealed with the release of government payments to health care providers, which clearly show these caregivers are a growing force in medicine.” 
“Nearly 900 PAs were paid for heart artery bypasses and another 950 for spinal fusion procedures, as ‘first assistants’ to physicians in these operations. NPs increasingly provide psychotherapy for Medicare patients and their families. More than 1,000 Nurse Practitioners billed for a total of nearly 200,000 psychotherapy visits in 2013.” 
“Overall, Medicare payments in 2013 totaled $1.5 billion for nearly 65,000 Nurse Practitioners and $1 billion for about 50,000 Physician Assistants…. The main driver of these trends is the rapid growth in the sheer numbers of non-physicians in health care. The ranks of NPs grew from 60,000 in 1999 to 171,000 in 2013; and the ranks of PAs grew from 83,466 in 2010 to 101,977 in 2015 according to their respective trade organizations.” 
Read the full article on
HPSI has various markets available for NPs and PAs that can provide Claims Made and Occurrence coverage options as well as Individual and Group policy forms.  

Preferred Or Not-So Preferred, HPSI Has A Coverage Solution With The James River Elite Provider Form

There are plenty of reasons why physicians and providers find their way to the E&S Specialty market. Some physicians happen to engage in high-risk practices, though not all can be categorized as troubled accounts. While they may in fact be standard market risks, for one reason or another, those Insureds are unable to obtain coverage in the standard market.

For these more preferred accounts, the James River Elite Provider™ product is a broadened policy form.

Eligible Providers

  • • Board Certified Medical Doctors
  • • Dentists including Orthodontists, Periodontics and Oral Surgeons
  • • Doctors of Podiatric Medicine (Board Certified for surgical specialists)

Coverage Features

  • • $1 million per claim / $3 million aggregate (or applicable cap limits in VA)
  • • Claims & Defense Expenses outside of policy limits – included
  • • Incident-sensitive claims-made trigger – included
  • • Damages-only deductible – included
  • • Consent-To-Settle (with Hammer Clause) – included
  • • Prior Acts – available
  • • Entity Coverage (shared limits) – available
  • • Employee Coverage (shared limits) – available
  • • Extended Reporting Endorsement available for up to 36 months
  • • Standard Deductible of $2,500 provided; lower or $0 Deductible options available on some risks
Preferred or not-so Preferred, HPSI and James River have a coverage solution! What can we help you write today? 
Contact us directly to be provided with the new James River Elite Provider™ application.