Since telehealth surged during the pandemic and remains a standard way to deliver and receive care, telemedicine malpractice insurance policies are increasingly common.
Cyber threats and security breaches constantly evolve, making protecting your practice data more urgent than ever. “One breach or hack can take down the operations of an entire practice. Many small businesses simply can’t recover,” says Alison Green, Director of Brokerage at Capitol Special Risks (CSRisks), a firm specializing in professional management and cyber liability.
If you’ve added telehealth to your practice or expanded your virtual care services, let your insurance carrier know your risk profile has changed. You may need a telemed policy. Telemed carriers are an important partner with practice owners, helping to prevent potential risks of providing virtual care.
Following are some examples of cyber threats that come with providing telehealth:
- Your third-party software solution is compromised, which includes patient health information (PHI)
- Malware encrypts or locks valuable digital files, demanding a ransom to release them.
- An attacker intercepts communications between you and a patient without your knowledge.
- An employee or contractor with access to your telehealth system and patient data intentionally or unintentionally misuses access, leading to a security incident.
AI makes the possibility of cyber events even easier, with bad actors going beyond emails and calls to spoof other people. AI-generated videos can create a deep fake video to impersonate a trusted partner who directs the release of funds. This occurred in February 2024 when a Hong Kong firm lost $25 million to fraudsters using video conferencing to deliver a deep fake video to impersonate the company’s chief financial officer.
“Because of the ongoing threats from bad actors to try to access healthcare data. healthcare is a huge target. Ransomware events are increasing, and demands are getting higher,” says Green.
Your telemed questions answered
If you offer virtual care, consider purchasing telemedicine insurance coverage. Following are four answers about telehealth policies.
How is telehealth coverage different from other liability coverage?
Telehealth coverage covers your virtual medical services, digital communication, software and cyber liability in one package. A telemed policy provides practice owners with risk management expertise to prevent cyber attacks and 24/7 support in the face of one.
Do you also need professional liability insurance if you have telehealth coverage?
Telehealth is a method of healthcare delivery, but it typically is not the only method providers use. Professional liability insurance covers other areas of your practice.
If you have an existing malpractice policy, and your carrier doesn’t want to extend coverage to your virtual visits, you can add on a telehealth policy.
“These new telehealth policies try to consider all of the different moving parts that go into offering that type of care virtually, ensure there aren’t any gaps so that if there were a claim because of a telehealth visit, it would fall under one policy,” says Alison Green.
What are the cyber risks for a solo provider or small practice?
One of the biggest challenges for smaller practices is the lack of budget to invest in security measures properly. Small practice owners typically manage the day-to-day operations, making risk management fall lower on the list. This means small business owners are easier targets for cyber attacks and ransomware. “The low-hanging fruit is easier to breach, so the threat actors have realized they can go after twice as many smaller practices to get the same return,” says Green.
Another big issue for small entities is human errors, such as mistakenly clicking on a link that downloads a virus into the system. Phishing is the cause of some 90% of data breaches, according to Cisco’s 2021 Cybersecurity Trends report. “One of the most important precautions for smaller practices is ongoing employee training on best practices to keep data safe,” says Green.
What are the benefits of a telehealth policy?
A telehealth policy protects your practice in case of a cyber breach, a ransomware attack or an accidental release of PHI. Cyber carriers offer 24/7 support in the case of an event, as well as expert advice from attorneys and cyber experts. Immediately responding to a breach can help contain the damage.
How does a telemed policy help with risk management?
Having a telemed policy allows you to outsource your risk management to an insurance carrier staffed by experts in cybersecurity. A telemed plan covers you in the event of a cyber threat and helps you prevent one from occuring in the first place by offering security reports and training. “You’re buying insurance and risk management services to help you be compliant,” says Amanda Sedliak, president of CSRisks.
Checklist for protecting your practice from cyber threats
- Closely evaluate the sender’s email on any message that asks you to click on a link or download a file.
- Don’t use USB drives that you don’t own.
- Use VPNs on public networks.
- Set up continuous or daily backups.
- Use a secure Web Application Firewall (WAF).
- Enable multi-factor authentication (MFA)
- Set high-level spam filters on email.
- Train your staff and conduct a simulated cyber attack to detect vulnerabilities.
- Don’t open emails that look spam.
- Install antivirus software.
- Keep firmware up to date and install patches and updates immediately.
- Use secure, password-protected Wi-Fi.
- Encrypt your devices.
- Restrict access to cloud infrastructure attacks to admin rights only.
- Keep a disaster recovery plan up to date.