Read the Fine Print: Top Cyber Insurance ConsiderationsPeter Halprin, Partner at Pasich LLP, on How Cyber Coverage Is Evolving
It is increasingly important for healthcare entities to carefully examine their cyber and other insurance policies to see what risks are covered in the event of a cyber incident, especially as the threat landscape continues to evolve, said attorney Peter Halprin, a partner at law firm Pasich LLP.
"You really need to read your policy to see what it covers," he said. "Because of the frequency of ransomware attacks, what the insurance industry has largely done is sublimit some of those coverages, so if you have $10 million in coverage, you may only have $5 million for ransomware," he said.
Healthcare entities also need to be mindful about their coverage for cyber incidents that could result in physical harm to patients and others, he said.
"There is an intersection between bodily harm and cyber insurance - or the consequences of a cyberattack that could have impacts for bodily injury, death, harm, etc.," he said.
That includes environmental impacts. "You could see explosions and things getting into the atmosphere outside of a hospital. Maybe they're storing something, and it explodes. There are a lot of different consequences from these cyberattacks," he said.
Halprin said some incidents such as bodily injury claims could be paid under general liability or medical malpractice policies, "but in those cases, entities need to be careful looking for some kind of potential cyber exclusion," he said. "Healthcare clients and entities should be thinking about that and looking at their policies critically to see if the coverage is there."
In this video interview with Information Security Media Group at ISMG's Healthcare Security Summit in New York City, Halprin also discussed:
- How coverage and exclusions are evolving in cyber insurance;
- Attribution of attacks to nation-state actors and how that might factor into coverage;
- Other cyber insurance considerations for the months ahead.
Halprin represents commercial policyholders with a focus on recovery strategies in relation to cyber breaches and cybercrime, natural disasters, professional services, regulatory investigations and technology disputes.