Cyberattacks are a major risk factor that healthcare organizations have faced in recent years. This has been due to several factors. First, healthcare organizations have many devices that access the network due to the nature of services they provide. Second, healthcare organizations have sensitive patient data in high demand from the attackers. Successful attacks cause significant damage in reputation and financial payout for the organizations. Consequently, many have turned to cybersecurity insurances. Even so, the insurance is not the perfect solution, as the high risk of cyberattack drives the insurance premium upwards and even the organizations with insurance coverage are often underinsured.
The paper discusses a few suggestions for the healthcare organizations and policymakers to improve the current situation. When an organization is looking to purchase cybersecurity insurance, it should carefully assess its risk and capabilities to find the right policy, make sure the insurance policy coverage is sufficient, and bargain for a fair rate. Moreover, the organizations should not solely rely on insurance as a defensive measure from cyberattacks because no insurance policy covers damages to reputation and moral hazard. Instead, the authors suggest that the organizations collaborate for information on best practices in cybersecurity, make the system more resilient, and increase cybersecurity staff. Lastly, policymakers should help smaller hospitals benefit from cybersecurity insurances and regulate the healthcare organizations’ cybersecurity policies and practices to reduce threats.
Author:
Kabir, Umar Yusuf ; Ezekekwu, Emmanuel ; Bhuyan, Soumitra S ; Mahmood, Asos ; Dobalian, Aram
