Cyber policy for U.S. health care providers launched

London-based specialty lines managing general agency CFC Underwriting Ltd. on Tuesday said it has launched a new policy for U.S. health care providers.

The policy, designed for hospitals, doctors, and frontline health care providers, is “the first in a suite of cyber policies that CFC is creating for specific industry sectors,” the company said in a statement.

Limits are available up to $10 million, according to a CFC spokeswoman.

The features of the policy include coverage for corrective action plans under the Health Insurance Portability and Accountability Act, coverage for injuries as a result of a cyber attack, and coverage of costs to improve risk management controls after a breach. There are no retroactive dates on the policy, according to the CFC statement.

“Health care companies have arguably become the largest target of hackers due to the vast amounts of highly sensitive data that they work with and store,” said Vicky Paxton, CFC's cyber practice leader. “To make matters more complicated, there is rigorous legislation surrounding the protection of this patient data, opening companies up to regulatory fines and investigations if they suffer a breach. All of this means that health care companies have a unique risk profile that most standard cyber policies fail to cater to. With CFC's experience in both health care and cyber, we thought it was a great opportunity to develop a policy for these companies that is truly fit for purpose.”