Change Healthcare's recent cyberattack sparked a crucial discussion on cybersecurity, business continuity, and contingent liability insurance within the healthcare sector. Cyber attacks in healthcare have been increasing in severity, with far-reaching consequences for businesses, physicians, and insurers alike. Here are key observations and tips for protecting your organization.
Analyze the broad impacts of the Change Healthcare cyberattack
The Change Healthcare attack did more than compromise patient data. This breach halted operations and affected multiple sectors. It disrupted billing for physicians and pharmacies, threatening their financial stability. Three takeaways:
- The event highlighted the interconnected nature of our digital world, showing how finance, technology, and retail sectors are vulnerable, too. All organizations can gain insights by studying this cyberattack.
- The situation demonstrated how third-party vendors can pose unintentional cyber risks. It’s worth taking a second look at your vendor cybersecurity. Could you benefit from additional technical and contractual safeguards?
- The Change Healthcare situation underscores the importance of strong business continuity planning (BCP). A swift, decisive response to a cyberattack helps protect sensitive information, preserve customer trust, and maintain organizational resilience against catastrophic outcomes.
Assess vendor management and oversight
Effective vendor management involves assessing and mitigating risks throughout the vendor lifecycle, from selection and onboarding to continuous monitoring and management. Businesses need to:
- Conduct thorough due diligence and risk assessments before engaging with any vendor to understand their cybersecurity posture and risk exposure.
- Include specific cybersecurity requirements and obligations in vendor contracts. Establish clear definitions of roles and responsibilities in the event of a data breach or cyber incident.
- Establish a system of ongoing oversight of vendor security practices. Evaluate compliance with contractual obligations to identify and address vulnerabilities promptly.
- Verify vendors have robust incident response plans that align with your organization’s response strategies. How will you coordinate efforts in the event of a cyberattack?
- Establish a comprehensive vendor risk management program that incorporates regular reviews, audits, and updates to security requirements based on evolving threats.
Apply proven methods for business continuity planning
Strengthen your organization's resilience with strategic Business Continuity Planning (BCP) essentials. These proven strategies are key to navigating and recovering from disruptions effectively. BCP also helps avoid financial losses and reputational damage:
- Understand which business functions are vital to your operation’s survival and identify dependencies, including third-party vendors, which support these functions.
- Develop alternative solutions and manual processes to keep necessary functions running if primary systems become compromised.
- Establish a comprehensive communications plan that outlines how to communicate with internal stakeholders, vendors, customers, and regulators after an incident.
- Conduct regular tests of the BCP, including tabletop exercises that simulate various disruption scenarios. Training for all relevant staff is important to confirm they are familiar with their roles during an incident.
- Review and update the BCP continuously in response to new threats, changes in the business environment, or lessons learned from incidents.
Revisit cyber liability insurance and business interruption coverage
The Change Healthcare cyberattack illustrates the complexities of contingent business interruption claims, which pose a major financial strain on affected parties. Cyber liability insurance policies differentiate between direct losses from cyber incidents and contingent business interruptions. This forms a maze of requirements for proving a claim.
The role of companies like Change Healthcare is under debate. Are they IT or data management suppliers within UnitedHealth Group? This distinction directly affects contingent business interruption claims. As a result, healthcare providers and other stakeholders face difficulties in securing timely reimbursements, complicating the recovery process.
Here are three tactical best practices to consider when navigating cyber liability insurance claims after a breach:
- Keep detailed records of all disruptions and expenses incurred due to the cyber incident. Documentation is key to substantiating claims for lost income versus lost revenue and to distinguishing between direct and contingent business interruptions.
- Review your cyber liability insurance policy thoroughly to understand the coverage scope, including breach response and contingent business interruption coverage. This understanding is key for identifying potential gaps and ensuring that claims fall within the policy’s parameters.
- Engage with your insurance carrier early and maintain open lines of communication throughout the claims process. Providing updates and being responsive to inquiries can facilitate a smoother claims process and help in advocating for your coverage rights.
Reinforce cybersecurity through ownership, adaptation, and learning
Cyber risk management transcends simple checklists. Today's cyber threat landscape demands forward-looking, comprehensive strategies. You need in-depth controls, policies, and procedures that cover all departments — marketing, HR, IT, financial management, etc.
Take ownership, collaborate with your team, and continuously adapt. Learn from incidents like the Change Healthcare cyberattack and the 23andMe data breach. A holistic cybersecurity framework, which prioritizes robust risk management, business continuity planning, and strong vendor oversight, helps protect your organization and customers.
Take charge of your practice's cyber protection
Brown & Brown helps you assess your practice’s cyber vulnerabilities and develop a targeted liability plan, whether you operate a single office or a large network. Protect patient data and maintain compliance with our tailored approach.
Our Cyber Team can help you identify specific cyber threats and offer valuable risk management solutions. To connect with our specialists, please fill out our online contact form. We’re here to help protect your business from digital threats.
About the Author
Allen Blount leads the Cyber Team at Risk Strategies, where he guides organizations on cyber liability insurance, cyber risk management, and incident analysis, including the Change Healthcare cyberattack. Before his insurance career, he practiced law.