Data breaches are certainly not unique to the healthcare industry. Large data breaches like the one experienced by Target stores in late 2013 seem increasingly common. Retail, financial, and other types of companies hold consumers’ financial information, but the healthcare industry also holds sensitive health information protected by HIPAA, making a data breach all the more problematic. Especially given the added risk, healthcare providers and insurers should make sure they are covered against lawsuits, administrative fines, and other financial losses that result from a breach.
However, many companies still rely on corporate general liability insurance to soften the blow of a security breach. Often, the language in those policies was drafted before so much information was digital and had proven vulnerable to hackers around the globe. Increasingly, general liability policies now exclude breaches, with those benefits carved out into separate cybersecurity policies. Such policies typically cover privacy notification expenses, administrative penalties, crisis management, and other costs. This shift to separate policies can leave companies mistakenly believing that their general liability policies still cover breaches. Thus, healthcare companies should review their coverage and make sure that if their firewalls fail, their liability insurance won’t.