For the last 18 months we have been writing articles about the threat of cyber-attacks to the healthcare industry. This is indeed one of the most targeted sectors in the UK and the risk to your dental practice is significant. This has been further highlighted by the events of the last few days, in which the NHS has suffered its biggest attack of this kind.
What is the risk to you?
No business is completely safe from the threat of cybercrime. No matter how many firewalls or virus scanners you have, they only reduce your risk by a small fraction. Over the last few years we have seen major companies and organisations such as Talk Talk and MI5 affected; organisations that invest heavily in the reliability of their IT systems are just as vulnerable as you and me.
So how does it work? Often, we see businesses that have their IT systems or software encrypted by the criminals. This means that the hackers take control of your systems and lock you out. They usually request payment in the form of Bitcoins in exchange for releasing your data back to you. In the past, when this has happened, clients have still had major problems with their software afterwards and have had to get professional companies in to reinstate the corrupted data. If you decide not to pay the ransom, then the cybercriminals will often look to sell the data on the black market and then it is lost forever.
What is your most valuable data?
For any medical practice the value is in the patient medical records and appointment logs. This is the lifeblood of your business and without access to it the practice would struggle to continue, at least in the short term.
In the event that your patient records were sold on the black market and got into the hands of other cybercriminals, your patients could be at significant risk. Your patients can sue you for compensation if their medical records become accessible to others. You could face a claim by every single person affected by the data breach and, furthermore, you would become liable for their legal costs as well as your own if you required representation or defending from such claims. The Information Commissioner's Office (ICO) can also get involved. They are the statutory regulator when it comes to data security and they will investigate a breach of data to see if there are grounds for imposing statutory fines against you! These fines can start from tens of thousands of pounds and there is no real upper limit.
So what is the solution?
It is very difficult to guarantee your business will not be affected by cybercrime, although I would recommend that you review your IT security arrangements anyway and make upgrades where possible. Something that is within our control, however, is what measures we have in place to protect our businesses should something catastrophic happen.
To do this, it is advisable to have Cyber Liability Insurance cover in place. As a basic cover, this will protect you against the claims that could be made against you, including legal costs and statutory fines. However, there is further cover that can be included within a policy such as:
· Damage to Hardware
· Data Corruption & Reinstatement
· Financial Crime, i.e. money being fraudulently taken from your bank account
· Data-Breach Expenses including reputation protection
· Loss of Business Income
How much does a policy cost?
It all depends on a few variables:
· How many patient records do you hold?
· What is your gross annual revenue?
· What limit of indemnity do you require?
The last question above will be an area that your insurance adviser can guide you on. The larger the practice and the more records held, the greater the exposure to claims and statutory fines. Prices typically start from around £500 per year, although we are usually able to save our clients money on their main Practice Insurance policy if a Cyber Liability policy is taken out.