Skip to main content
Web Content Viewer (JSR 286)
CNA Blog — From the Experts
From insurance trends to risk control to corporate social responsibility, CNA’s leaders know their business and are proud to use their expertise to help organizations succeed.

CNA Blog — From the Experts

Share this content via email or social networks
Published Monday, February 22, 2016

Healthcare Exposure Trends: Be Aware of Rising Risks

Every day your organization is at risk when it comes to cybersecurity, but vulnerability isn’t confined within your walls. Third parties associated with hospitals account for 30-40 percent of all data breaches, and identity theft can easily be committed by simply securing an individual’s birth date, gender and zip code. As these basic Protected Health Information (PHI) identifying factors are easily accessible through third-party outlets, your patients’ medical records, drug histories and clinical trials are available to a potential hacker.  

PHI theft is becoming more common and is often linked to benefits and treatment fraud. For example, in 2014, a Missouri child’s social security number and medical records were stolen, resulting in his mother spending months trying to prove her son was never treated for a leg injury from the hospital that had billed her insurance company for treatment.  

In addition to knowing how hackers can breach your system, it is important to understand the liability for those affected by a potential cyberattack. Potential liabilities can include, but are not limited to, the following:

  • Privacy injury liability results from unauthorized disclosure of sensitive or non-public information. One notable case includes Premera Blue Cross. In March 2015, social security numbers, bank account information, birth dates, addresses, email addresses, phone numbers, and claims and clinical information. Premera is offering the affected individuals two years of credit monitoring, but lawsuits are seeking lifetime credit monitoring as a result of the system hack.  It should also be noted that disclosure of claim and clinical information involves protected health information and therefore, implicates HIPAA violations.
  • Network security liability results from the inability to access or use computer or information systems, damaging, or even losing, others’ information.
  • Content liability results from publishing printed materials to an online location. Content liability exposure can relate to disparaging materials, copyright infringement, plagiarism, erroneous advice and even negative Yelp reviews, which result in reputational harm to the organization.

Healthcare exposures such as these are not limited to patients, customers and personnel. Your organization’s internal operations are also vulnerable.

  • You may suffer a loss of business income. The costs to contain damage, stop attacks, implement workarounds, reestablish reputation and pay HIPAA fines could jeopardize your company’s assets.
  • You could become a victim of electronic theft. Your intangible resources or physical devices, such as laptops and hard drives, are also at risk.
  • You may be placed under the significant burden of extortion. CryptoLocker is a cyber-extortion malware that demands payment to unencrypt hacked files. Hacktivism, hacking for a politically or socially motivated purpose, recently occurred with Sony Pictures and its film, The Interview. In 2013, North Korea hacked into the sony Pictures system and threatened to erase all valuable information (i.e., scripts, movie clips, etc.) if the film was released.

Please visit or contact a CNA representative to pinpoint your risk areas that are becoming more and more vulnerable in the context of today’s emerging technologies.

One or more of the CNA companies provide the products and/or services described. The information is intended to present a general overview for illustrative purposes only. Read CNA’s General Disclaimer.
One or more of the CNA companies provide the products and/or services described. The information is intended to present a general overview for illustrative purposes only. Read CNA’s General Disclaimer.

By visiting our web site,you accept the terms and conditions as described in our Terms of Use.

Privacy Center | Conflict of Interest | Licensing Disclosure | General Disclaimer | Sitemap

"CNA" is a service mark registered by CNA Financial Corporation with the United States Patent and Trademark Office. Certain CNA Financial Corporation subsidiaries use the "CNA" service mark in connection with insurance underwriting and claims activities. Copyright © 2022 CNA. All rights reserved.

/web/guest/cna/from-the-experts/authorbio/blogdetails Healthcare Exposure Trends: Be Aware of Rising Risks Z6_40KKTL4U2REB90AH8FND8R00T6 /CNA /ListofAuthors /AuthorDetails /IndividualBlogDetails