Search for insurance help

Health Sector and Cyber Risk

Privacy Act 1988 regulation impose obligations on health practices for safekeeping and privacy of health records which include sensitive personal information of patients and their medical condition

The Australian government introduced the notifiable data breach scheme on 22nd February, 2018. As per this scheme, health practices can be penalised by the Privacy Commissioner for negligence in protecting sensitive information held by the medical practice. They must now notify individual’s whose data has been compromised.

Combined with regulatory risk, the threat of malicious activity or human error in relation with IT systems can cause security events which can cause of loss of critical data, system glitches and interruption to business operations and result in loss of profit.

Investment in cyber security
Health practices must maintain security postures and demonstrate investment security initiatives firewalls, anti- virus, encryption, patch management and staff training. Cyber risk calls for risk management through a combination of elimination, mitigation and transfer mechanisms. Similarly, the increase in social engineering attacks puts at risk operational continuity of a health practice because of which patient could find it hard to access the right treatment when required.

Cyber insurance 
  • Cyber insurance offsets operational, regulatory and financial costs associated with security incidents.
  • Cyber insurance offsets cost of notification
  • Cyber insurance provides incident response.

Cyber insurance – Coverage
  • Notification Costs/ PR Expenses – Expenses for notifying individuals and use of Public Relation firms and their fees
  • Regulatory Fines – payment for fines imposed by the Privacy Commissioner 
  •  Restoration costs related to data and system – cost of restoring data and systems if they are made inaccessible after an incident
  • Cyber Response Team – Clients are provided with a Panel when they make a claim – this panel consists of a PR firm, Legal firm and Forensic firm, this panel is made available within 24 hours after an incident . The cost of this panel is borne by the Insurance company 

IT considerations before acquiring cyber insurance 
  • The clinic must ensure it can demonstrate both financial and operational investment into cyber security tools such as firewalls, backups, processes and privacy policies
  • Consult your IT provider and request a comprehensive cyber security risk assessment
  • Ensure your staff are aware of what cyber security is and that they can demonstrate awareness of the risks associated with cyber crime
  • Consult your IT provider to ensure that your practice is compliant with the cyber insurance IT requirements

About: 
Rend Tech Associates is one of Australia’s leading Healthcare IT firms focussing on cyber security, healthcare innovation and technology solutions supporting healthcare service delivery.

Management Liability insurance is designed to provide protection to both the business and its directors or officers for claims of wrongful acts in the management of the business.

A business insurance pack can provide cover for your business premises and contents, against loss, damage, theft or financial loss from an insured interruption to the business.

Purchase up to six products under one Business Insurance Package. 

Rend Tech Associates is one of Australia’s leading Healthcare IT firms focussing on cyber security, healthcare innovation and technology solutions supporting healthcare service delivery.
Cyber Data-Risk Mangers is a recognised expert in the field of cyber insurance. Meena Wahi, Director of the company. She speaks at conferences along with CISO, law firms and consulting firms on Cyber risk.
General Advice Warning: This advice is general and does not take into account your objectives, financial situation or needs. You should consider whether the advice is appropriate for you and your personal circumstances. Before you make any decision about whether to acquire a certain product, you should obtain and read the relevant product disclosure statement.

All information above has been provided by the author.


Meena Wahi, Cyber Data Risk Managers, ABN 34 161 961 422

Comments (0)

Related insurance brokers

Review rating
183 reviews

Featured Featured

Nilima Pokala

SureInsure Insurance Advisors

  • Typically replies within
    a day
  • Review rating
    16 reviews

    Featured Featured

    Shane Brady

    Stone Lane Broking & Risk Advisory

  • Typically replies within
    a few minutes