Hacker steals private healthcare records from private ambulance operators
A hacker gained access to a private ambulance operators’ system and stole hundreds of patients’ private healthcare records, which contained highly sensitive information. As soon as they became aware, the operator knew they would have to notify every patient and the relevant regulatory boards to inform them of the cyber-attack. Furthermore, they would have to take extensive action to correct the issue and cover the legal costs of other regulatory investigations.
The private ambulance operator had invested in a cyber insurance policy which meant they were able to telephone our cyber partner’s incident response team immediately, who would help them manage the incident. They were assigned an incident response manager, and specialist legal services were bought in to manage the legal and regulatory implications.
Over £50,000 was incurred in incident response manager fees, notifying affected individuals, identity theft monitoring services for affected individuals and legal consultation fees. A further £100,000 was incurred in defence expenses and settlement costs for claims where individuals’ had their identity’s stolen. All costs involved in responding to the incident were covered by the business’s cyber insurance policy. If the business did not have this cover in place, they would have had to deal with these complex issues and would have been liable for all the costs in dealing with the data breach.
In an industry where you store confidential data, it is vital that you have a robust cyber insurance policy that forms part of your risk management programme as it will act as an invaluable safety net and protect your business, should the worst happen.