| Cyber Liability Alert:
800,000 Lost Patient Records at MA State Hospital
Real examples of the need for Cyber Liability coverage
 South Shore Hospital in Weymouth, Massachusetts reported on July 19 that computer files containing personal information on 800,000 individuals were missing. The computerized back-up files were sent to be destroyed by a contractor, but now cannot be located or accounted for. (See the reports in the Boston Globe and Boston Herald.)
The files apparently included names, addresses, Social Security numbers, medical records and perhaps credit card numbers and other sensitive data. Per Massachusetts law, the hospital reported the loss of the files to the state Attorney General's office, and to various other agencies. The hospital is also planning to notify each of the 800,000 individuals involved.
The potential Cyber liabilities
So far, there is no evidence the missing records were improperly used, such as in identity theft or spurious credit card transactions, but South Shore Hospital still faces potentially huge liabilities that can typically be addressed by cyber coverages.
- The hospital will now incur the costs of notifying all 800,000 individuals of the incident which could easily amount to millions of dollars in postage, printing, mailing and administrative expenses.
- If investigation shows the records fell into the wrong hands, or that patient information was compromised, the hospital could be liable for the costs of credit monitoring services for the individuals, actual credit card losses and related costs.
- The hospital could also see lawsuits arising from the lost records, which will incur defense costs, even if the hospital prevails or the suits are dismissed.
Note that this particular loss occurred even though the hospital had procedures and safeguards in place.
Our suggestion: If you collect financial or sensitive information of any kind in your daily business activities -- this incident should serve as a cautionary tale. If you have any questions about Cyber Liability coverages, please feel free to ask. It's why we're here.
Cyber Liability, although a relatively new coverage grant, is a very important coverage that should be addressed through a formal exposure review and evaluation. I welcome each of you to share the above article with your teams, and should you have questions on available markets, coverages, exposure review considerations or anything for that matter, please just holler! |
