Hospital Cybersecurity

Following a wave of cyberattacks, hospitals struggled to retain cyberinsurance coverage and prevent premiums from skyrocketing. They turned to their state hospital association for help. Health Business Group leveraged expertise in cybersecurity and healthcare to recommend a course of action. 

Background

  • Ransomware and other devastating cyberattacks on hospitals had resulted in enormous payouts by cyberinsurance carriers, leading to tougher underwriting standards, non-renewal of coverage, and rapidly rising premiums

  • Member hospitals asked their state hospital association, which already provided IT services, to develop a plan to assist

Client request

  • Develop a business case for a service offering to enable members to maintain coverage and lower premiums

  • Combine cybersecurity expertise, knowledge of hospitals, and business planning skills to craft a plan that CEOs would understand, technical staff would endorse, and Client could implement

  • Develop a summary presentation for upcoming board meeting

Key issues for consulting team to address

  • Context for cybersecurity

    • Hospitals’ common and unique roles within broader cybersecurity landscape

    • Insurance carrier requirements and opportunities to influence

  • Case for collaboration

    • Role for statewide association v. individual hospitals v. national organizations

    • Insurance carrier perspectives on group initiatives

    • Governmental initiatives

    • Client core competencies in IT and security

  • Best practices

    • Roles played by other statewide and national hospital and health care entities

    • Examples from more advanced industries, e.g., financial services

    • Vendor-led initiatives

  • Potential offerings, e.g.,

    • Education and support

    • Technology and services

    • Captive insurance and pooled purchasing

Health Business Group approach

  • Health Business Group leveraged its partner company, Atumcell, for deep cybersecurity expertise to complement its healthcare knowledge

  • Secondary data sources included the HBG and Atumcell knowledge base, insurance industry sourcebooks, government data and whitepapers

  • Primary sources included interviews with state and national hospital associations, insurance brokers and carriers, cybersecurity experts, and vendors

  • Laid out a series of robust offerings to address underlying cybersecurity risk while satisfying insurer requirements. Steered clear of mere “check the box” solutions

  • Developed CEO-level presentation for association’s board

  • Outlined next steps to gather member feedback, develop a formal business plan, and begin implementation

Outcomes

  • Took advantage of C-level attention caused by cyber insurance crisis to lay out a robust, long-term approach to reduce risks

  • Established basis for Client to develop a new line of business with strong potential in local market and nationwide

Li Wang
