March 23, 2016 | 1:00 PM ET – 2:00 PM ET | CLE-eligible


Is Healthcare Really a Radioactive Risk for Cyber Insurance?

Healthcare organizations (both HIPAA Covered Entities and Business Associates) are seen as a particularly risky proposition for cyber insurance providers. High-profile breaches have led to significant regulatory fines, first-party losses, and crippling damage to reputation and business. With the advent of publicized OCR audits starting in 2016, aggressive state and federal actions even against small clinics, and a public concerned about further loss of personal information, it’s not surprising that insurance carriers are re-assessing their appetite for this sector. The rise of health information exchanges (HIE), WiFi-enabled medical devices, and physicians’ portable computers has increased concerns.

At the same time, technical safeguards to protect electronic patient records and track unauthorized access have improved enormously (at least for larger, better-funded health organizations), and most types of PHI (e.g. physician notes and digital medical records) remain difficult to steal and exfiltrate from a hospital’s network.

So what does 2016 hold? Will organizations handling PHI continue to be seen as inherently high risk? Will the concept of PHI split into PHI-Heavy (e.g. traditional medical records) and PHI-Lite (data that could also be classified as PII)? Should Covered Entities move out of the business of data storage? Will health organizations become divided into the “haves” and “have nots” as regards good security risks?



Our expert panel will explore in-depth:

Why is healthcare seen as a radioactive risk?
   • Regulatory developments and recent cases

Specific risks facing healthcare
   • Are hackers actually targeting healthcare data?
   • HIPAA audits – immediate risk, then discoverable time bomb?
   • Legacy systems and the outcome of healthcare amalgamations
   • The tension between security v. integrity/availability
   • Business Associates (and other weak links in the chain)
   • Those paper records

How can healthcare organizations reduce risk? (and get better insurance deals)
   • Utilizing HIPAA assessments to reduce the actual risk of breach
   • Encouraging stakeholder collaboration – Will Dr. Kildare ever become a CIPP?
   • Can Covered Entities get out of the PHI storage business?