Thought Leadership
18 Jan 2019

Chris Frederick Discusses Insurance Coverage in Healthcare Risk Management

In an article recently published in Healthcare Risk Management, Bennett Thrasher Partner Chris Frederick discusses important factors healthcare organizations should pay attention to when dealing with cybercoverage and commercial insurance policies. Frederick explains that healthcare risk managers may mistakenly assume that damage from cyberattacks will be covered, but that is often not the case. Frederick says, “The insurance company will look at whether the network infrastructure was secure enough. They might say basically, ‘Yes, there was a data breach, but you didn’t take the necessary steps to prevent it.’”

Watch for Common Pitfalls in Cybercoverage

Healthcare risk managers may mistakenly assume that a commercial insurance policy will cover the damage related from cyberattacks, but that is often not the case, says Chris Frederick, partner with the tax and accounting firm Bennett Thrasher in Atlanta.

Even if the policy is written in such a way that it could cover cyberdamages, it is common for policies to require evidence of physical damage before any coverage kicks in — and there usually is none in a cyberattack, he says.

Healthcare organizations also may run into trouble with the cyberinsurance provider determining that the cyberattack occurred due to insufficient security.

“The insurance company will look at whether the network infrastructure was secure enough. They might say basically, ‘Yes, there was a data breach, but you didn’t take the necessary steps to prevent it,’” Frederick says.

Frederick also has worked with a company that experienced a data breach and found that the insurer did not want to cover satellite locations, including employee homes, because those locations were not named in the policy.

The limits on coverage also are important. For instance, if a policy covers the IT work necessary to recover from an attack, does that mean the insurer will reimburse you for the time your own IT employees spend on it? Or only for outside IT consultants, because your employees would have been paid for their work anyway? Frederick has seen companies surprised and frustrated when the insurer refused to compensate them for the work performed in-house.

“A key component is to know exactly what is covered and what is not,” Frederick says. “Even if it doesn’t cover all that you wish it did, possibly because you can’t afford that level of coverage, you are better off knowing that up front and not after you have been attacked.”

SOURCE

• Chris Frederick, Partner, Bennett Thrasher, Atlanta. Phone: (678) 218-1403. Email: [email protected].

Learn More

For more information on business interruption claims, please contact Chris Frederick by calling 770.396.2200.

Return to listing