As Healthcare Industry Evolves, Michigan’s Largest System Reports Second Breach in 12 Months

Michigan’s largest healthcare system recently announced a data breach that may have compromised 6,000 patients’ protected health information. The breach reportedly occurred after six employee email accounts were exposed in a phishing scam in January.

The eight-hospital network, which has 167 outpatient locations, notified patients on July 28 of a “data security incident” that could have exposed patient names, dates of birth, diagnoses, procedures and treatment information. The health system reports that the number of patients involved in the breach reflects less than 0.3 percent of its 2.3 million patients.

The health system concluded its investigation on June 3. Though officials said they have no evidence that compromised data was viewed or acquired by a third party, the health system notified patients “out of an abundance of caution” and asked them to monitor their insurance statements for care they did not receive.

This breach marks the healthcare system’s second such incident within the last 12 months. In April the network reported a phishing scam involving 112,000 patients’ information.

“Healthcare systems are experiencing a severe increase in data breaches in today’s world,” said Derek Kilmer, Manager, Professional Liability, Burns & Wilcox, Detroit/Farmington Hills, Michigan. “Breaches are growing in size as additional patient records are being exposed in attacks.”

That increase comes as healthcare organizations also face unprecedented difficulties in other areas. Hospitals have struggled financially amid the COVID-19 pandemic, with some losing millions of dollars per day from delayed elective procedures and many laying off staff.

The current landscape has heightened awareness of the need for Cyber and Privacy Liability Insurance, Professional Liability Insurance and other protections.

“The lack of elective procedures has created a deep hole to dig out of,” said Karl Olson, Vice President, Professional and Management Liability Practice Leader, Skyscraper Insurance. “Utilization rates have plummeted. A large percentage of hospitals may be financially insolvent by the end of the year.”

Healthcare breaches are uniquely expensive, require specialized protection

Healthcare data breaches are on the rise in both the U.S. and Canada, with ransomware attacks and phishing scams causing a significant percentage of breaches. “Cybercriminals have not taken a break,” Olson said. “Healthcare entities are targets because of the large volume of data that they store, process or have access to. Many also struggle to adequately fund their data security.”

The number of healthcare data breaches involving 500 or more records increased 196 percent from 2018 to 2019, according to HIPAA Journal. In February alone, 1,531,855 individual health care records were breached.

While the average total cost of a data breach has increased from $3.54 million in 2006 to $8.9 million in 2019, the average cost of a breach for healthcare organizations can run much higher. The cost of a data breach in many industry sectors is less than $300 per compromised record, Kilmer explained, but heavily regulated industries, such as healthcare, pharmaceutical, financial, energy, and education, have a per capita data breach cost of well over $400.

“Costs can add up quickly, especially if each incident impacts thousands or potentially millions of records,” he said, noting that the number of data points contained in a single patient’s record adds to the complexity of recovering from an attack. “Healthcare records can include Social Security numbers, name, address, phone numbers, and more. The information a hacker can exploit within an individual’s health record is potentially quite large and can take an immense amount of time to track down, leading to additional expenses.”

As more breaches occur, particularly during the pandemic, healthcare organizations rely on Cyber and Privacy Liability Insurance to help mitigate their losses and maintain operations. Cyber and Privacy Liability Insurance policies can include coverage for paying or negotiating ransoms, such as in 2016 when a California hospital paid hackers $17,000 after a ransomware attack that held its computer network hostage. Such policies can also help mitigate the costs of bringing in specialized cybersecurity attorneys and forensic teams to assist in the response.

According to the 2019 American Medical Association-Accenture Medical Cybersecurity Survey, 36 percent of healthcare institutions were rendered incapable of providing care for at least five hours following cyberattacks. The 2020 IBM Security Cost of a Data Breach report indicated that the healthcare industry had the longest average breach lifecycle of any industry—329 days.

“It can take years for medical fraud to be discovered,” Kilmer said. “Healthcare organizations should have a plan in place that allows them to get up and running as quickly as possible after an attack with the lowest possible number of patient files exposed.”

Beyond the direct costs of a cyberattack, the bulk of data breach expenses are related to reputational damage and customer turnover in the aftermath of an incident, according to Kilmer. “Healthcare breaches continue to push customers away,” he added. “Given the current financial hardships hospitals are having due to absence of elective surgeries, a breach can set back these institutions even further.”

When an organization is hit multiple times, it can have a negative impact on its insurance underwriting options, Olson noted, adding that “underwriters are asking for much more in-depth information than they have in years past.”

Telemedicine, equipment shortages among other growing healthcare liabilities

Even as medical professionals stand on the front lines of the COVID-19 pandemic, hundreds of U.S. hospitals face bankruptcy and some, especially in rural areas, may close. Hospitals laid off 1.4 million workers in April alone and a record number of nurses have lost their jobs. These conditions could add to already rising medical liability costs at a time when 34 percent of physicians are sued at some point in their careers. Beyond cybersecurity risks, healthcare entities expect a wave of lawsuits related to the pandemic as well as the corresponding rise in telemedicine. While some providers may think they have coverage under certain liability protections, Professional Liability Insurance and Medical Malpractice Insurance are essential for all healthcare organizations, Kilmer said.

“The healthcare industry is evolving rapidly,” he said. “There is going to be a continued need for telemedicine, which brings additional cybersecurity concerns.” He added that Professional Liability Insurance for healthcare organizations needs to account for changes in technology, especially if the organization is providing telehealth.

For employers in the healthcare industry, potential lawsuits over personal protective equipment (PPE) shortages, layoff procedures or overall handling of the pandemic make Healthcare Management Liability Insurance — including Employment Practices Liability Insurance (EPLI) and Directors & Officers (D&O) Insurance — a key priority.

“There is expected to be no shortage of employment practices liability lawsuits related to COVID-19,” Olson said. While an organization may be forced to reduce its workforce, he said, it can benefit from providing proper guidance and being transparent.

Allegations of fraud or abuse related to Medicare and Medicaid billing and its management are other significant risks facing healthcare systems. Medical Liability Insurance that includes coverage for regulatory audits and investigations is recommended to help mitigate the costs involved with such disputes. “It is an elective coverage that is becoming more relevant than ever,” said Olson.

Security protocols, insurance are crucial to healthcare risk management

Healthcare organizations can strengthen their cybersecurity by using proper data architecture, Olson said. For example, a nurse signing in at a station should not have access to the entirety of a patient database. In addition, employees should be trained to properly secure records and to recognize phishing attempts. “Employee education is paramount for identifying nefarious activities,” he said.

“While a healthcare organization can never be completely protected, the more that an employee knows what to look out for, the more they can safeguard patients’ privacy and potentially save the organization from a breach,” Kilmer added.

Smaller healthcare companies are particularly vulnerable to cyberattacks and, without Cyber and Privacy Liability Insurance, may not be able to cover the cost of a proper response. “There are limited resources in the healthcare sector for cybersecurity,” Kilmer said. “A small healthcare organization may struggle to protect their network because of a lack of safeguards and funding for cybersecurity.”

Cyber and Privacy Liability Insurance, Medical Malpractice Insurance and other Professional and Medical Liability Insurance policies should be customized to each organization’s particular needs. “Make sure that you are consulting a trusted source about coverage options,” Kilmer noted. “Work with a broker who can address limits based on your organization’s size, revenue and protected health information.”

As the healthcare insurance marketplace hardens, the renewal process for all insurance types should be started early due to greater underwriting scrutiny, longer turnaround time on applications and requests for COVID-specific supplements. “There is still a reasonable method for renewals and insuring new healthcare businesses or new business activities,” Olson emphasized. “It just takes someone with experience to know the appropriate markets and how to present the new risk.”

As the healthcare industry continues to change, risk management is critical. The current pandemic is likely not the last of these situations we experience. “Healthcare organizations need to make sure they are protected on all fronts, especially when economic realities make it unlikely that they could absorb the costs of the evolving risks they face,” Kilmer said.
