Cyber, privacy and media insurance cover

The threat to your practice and your patients is increasing with the rise of electronic communication and record keeping. Small businesses within Australia, including healthcare practices, are frequently exposed, through the internet and email, to viruses, malware and potentially hacking as well.

MIPS’ cyber, privacy and media insurance provides cover for a variety of cyber perils that can affect healthcare practices. The cover provides compensation for financial losses, eg if systems are damaged by viruses, and sums you are ordered to pay as a result of a security breach, eg stolen credit card information.

This cover is subject to application and approval and is provided at no additional cost as part of membership provided your practice meets the eligibility requirements of the practice entity policy.

Apply for Practice entity, cyber, privacy and media cover

Want more information on Cyber insurance?

The MIPS blog has articles including:

See eligibility requirements for practice entity cover.

Cyber peril Covered
Hacking attacks or viruses in either your computer network or a cloud network you are using ✓
Security breaches of:
  • personally identifiable information
  • employee data
  • your website's privacy statement
  • requirements for processing and storing credit card information
  • a cloud computing provider's system your business uses
Notification to individuals in the event of a security/privacy breach ✓
Damage to data ✓
Damage to computer systems ✓
Reduction in profit if your business is interrupted by cyber peril ✓
Harm to your reputation ✓
Regulatory investigation costs and expenses ✓
Regulatory fines and penalties ✓
Mandatory notification costs in the event of a security breach including legal costs to draft notification, printing and postage, credit monitoring services, identity theft helpline, security audit and forensic investigation ✓
Liability for disclosure of private information (eg patient's credit card details) ✓
Ransomware that locks and prohibits access to your computer system ✓
Defamation arising out of social media (costs you become liable to pay) ✓
Intellectual property infringement arising out of social media ✓
Content liability for social media ✓

Exclusions: Cyber cover excludes cover under the policy for insuring clause 3, sections A, B, D and E and insuring clause 5 including Computer Crime, Identity Theft, Telephone Hacking and Technology Errors and Omissions. See the Cyber, Privacy and Media Policy for definitions.

When would I need cyber cover?

Imagine you and your practice in any of the following scenarios. These are all likely scenarios that could easily happen to businesses in Australia where cyber cover can provide support.

Hackers gain access to your patients' medical records and encrypt them. They demand a ransom of $2,000 to decrypt the files. You have patients in need of urgent medical attention but you cannot access their records.

You and your colleagues take a principled decision not to pay the ransom but discover that your backup files have been damaged. They are potentially repairable but you will need to pay for expert assistance.

In this scenario you may be able to claim costs for hiring an independent computer security consultant as well as the cost of the ransom, if it is paid, or even the cost of a reward for identifying the perpetrators.

You open a Word document emailed to you and inadvertently infect your computer with a virus. The virus encrypts files and locks access to the payments and billing software.

You continue to see patients but the business is disrupted because you cannot bill them as you normally would. You contact an IT firm to assist but they advise that they cannot guarantee success and suggest a replacement PC would be cheaper.

In this scenario you may be able to claim costs for both a reduction in profits and system damage.

Your practice manager inadvertently installs a program that contains malware. Once installed, this gives a cyber criminal a doorway to hack into your system. When you arrive at the practice, the server which hosts your website is offline, none of the PCs will start and your receptionist cannot access the appointment list.

You are forced to call in an IT consultant to remove the malware, but it takes over two days before the server is repaired and the software reinstalled. Your receptionist is hassled by grumpy patients who cannot book appointments through your website and cannot understand why your receptionist is unaware of their appointment.

In this scenario you may be able to claim costs for hiring an independent computer security consultant, repairs to the server, replacing software and the reduction in your profit caused by current and future patients not attending appointments.

You take a photo of a mole on a patient's upper leg and forward it to a colleague to get a second opinion as to whether it is actually a melanoma. Your colleague uses the photo in an online blog discussing melanomas and presumes you obtained the patient's consent.

When the patient discovers this, they are embarrassed, make a complaint to AHPRA and threaten to sue for damages.

In this scenario you may be able to claim the costs for which you become legally liable to pay due to the public disclosure of private facts and breach of confidentiality.

The MIPS Members' Cyber, Privacy and Media Policy limits of cover are: 

Area of cover Limit of cover
System damage and business interruption $100,000 (Max $20,000 per day)
Breach notification $100,000
Cyber and privacy liability $100,000
Media liability $100,000
Regulatory privacy actions $100,000
Consequential reputational harm $100,000 (Max $20,000 per day)
Threats and extortion $100,000
Court attendance costs $100,000 (Max $2,000 per day)
Crisis communication costs $100,000

If eligible, cover is provided at no additional cost to your membership; however, a $1,000 deductible is payable for each claim.

To receive this cover your practice must meet the eligibility requirements under the MIPS Members' Practice Entity Policy. The practice must be owned by MIPS members who perform the majority of the healthcare within the practice.

Cyber, privacy and media cover is subject to meeting the requirements of both the MIPS Members' Practice Entity Policy and the MIPS Members' Cyber, Privacy and Media Policy. Download policy documents.

Cyber, privacy and media insurance cover is provided through MIPS membership by CFC Underwriting.