Cyber Risk – Are You Protected?

While you can't avoid cyber risk, it's important to ensure your practice is prepared for and protected against cyber-attacks.

Case study

The following is a loss scenario provided by Chubb Cyber Enterprise Risk Management, using information based on an actual claim.

Discussion

Although the above case study involves data theft in a law firm, it’s easy to see how such an incident could potentially happen in a medical practice, with serious consequences.

Loss of security of patients’ medical records could breach privacy law, cause harm to patients, damage your practice’s reputation, and significantly disrupt the practice’s ability to function. Under Australian privacy law, a practice must take reasonable steps to protect personal information it holds from misuse, interference or loss; and from unauthorised access, modification or disclosure.²

MDA National’s Cyber Risk Program

Ransomware in health care is on the rise, and an increasing number of doctors and practices have been contacting us to discuss data intrusions into their practice computer systems. To provide peace of mind, MDA National has recently launched its Cyber Risk Program – a collection of cyber risk initiatives:

• Cyber Risk Education for MDA National Members and Practice Indemnity Policyholders which includes:
• online access to case studies, articles and blogs by global cyber experts
• quarterly cyber risk email updates to support you in mitigating cyber risk
• cybersecurity education sessions.
• Complimentary Cyber Risk Cover for MDA National Practice Indemnity Policyholders until 30 June 2019, with cover up to $100,000* in the aggregate against cyber-related privacy breaches, network security liability, media liability, cyber extortion, data loss, business interruption and incident responses – which includes:
• a 24-hour cyber crisis hotline (1800 027 428)
• expert cyber risk claims managers to support your practice through a cyber-attack.

*Cyber Enterprise Risk Management Insurance Policy is arranged by Jardine Lloyd Thompson Pty Limited (ABN 69 009 098 864, AFSL 226 827), underwritten by Chubb Insurance Australia Limited (ABN 23 001 642 020) and can be accessed by new and current MDA National Practice Indemnity Policyholders until the earlier of 30/06/19 or their ceasing to hold a current MDA National Practice Indemnity Policy. The Cyber Enterprise Risk Management Insurance Policy terms, conditions, exclusions, limits and deductibles apply.

MDA National insurance products are underwritten by MDA National Insurance Pty Ltd (MDA National Insurance) ABN 56 058 271 417 AFS Licence No. 238073, a wholly owned subsidiary of MDA National Limited ABN 67 055 801 771. Before making a decision to buy or hold any Practice Indemnity Policy products issued by MDA National Insurance, please consider your personal circumstances and read the Important Information and Policy Wording and the Supplementary Important Information and Endorsement to the Policy Wording available at mdanational.com.au.

References

1. Office of the Australian Information Commissioner. Notifiable Data Breaches Scheme. Available at: oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme
2. Office of the Australian Information Commissioner. Chapter 11: APP 11 – Security of Personal Information. Available at: oaic.gov.au/agencies-and-organisations/app-guidelines/chapter-11-app-11-security-of-personal-information