Cybersecurity

New North Dakota Hospital Association program helps hospitals score affordable security services—and cyber insurance

The Cyber Cover program may be the first such health care partnership in the US.
article cover

Luis Alvarez/Getty Images

4 min read

An initiative to provide hospitals and other medical organizations across North Dakota with affordable cybersecurity and insurance might be the first of its kind in the US healthcare sector.

Cyber coverage isn’t cheap. Casey Holland, a senior insurance and risk advisor for Marsh McLennan Agency (MMA) specializing in healthcare, told IT Brew via email that depending on preparedness, scale of coverage, and deductibles, premiums can range from $10,000–$30,000 annually. Larger hospital networks can run up premiums in the six figures each year, Holland added.

That’s why the North Dakota Hospital Association (NDHA) is trying to tackle the problem from both sides. Its recently created Cyber Cover program partners members with MMA’s Vaaler Insurance and security firm Critical Insight with the intent of scoring discounts and balancing spending between prevention and liability coverage.

Aaron Brennan, director of strategic partnerships and trust administrator for NDHA, sat down with IT Brew to discuss the program.

This interview has been lightly condensed and edited.

On why the NDHA took a proactive approach towards cyber insurance

We in North Dakota have been very fortunate, where our members haven’t experienced—or at least, at that time didn’t experience—any cyberattacks. But we felt that if it was happening across the country, and happening in other states, that there was a likelihood that it was eventually going to be an issue in North Dakota.

And so we wanted to be proactive and try and put a program in place that went beyond just providing insurance coverage…Having insurance is just one component. We were able to source that and partner with a vendor that could improve the resilience of our members, so that when eventually a cyberattack does occur, they are well-positioned to deal with that threat.

On cybersecurity challenges facing healthcare institutions in North Dakota

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

It’s very difficult to find IT personnel in rural North Dakota, or convince someone to go and live in rural North Dakota. So, finding resources from a staffing perspective is super difficult…I think that the geographic makeup of our state does make it a bit more challenging.

Not just our state, but in other upper Midwest states, where we have a number of independent rural hospitals—simply having the resources to protect your network is, I think, challenging, because it isn’t cheap.

On partnering with a cybersecurity vendor

The underwriting process, it has become a lot more laborious, and going through that process, carriers are asking more questions. However, we felt that a lot of the time they weren’t asking the right questions, and in some cases, they weren’t going far enough with the underwriting.

Critical Insight identified a number of questions that they felt carriers should be asking, and in order to access some deeper discounts. Critical Insight [does] help and will help our members with the underwriting process if one of our members chooses to work with Critical Insight.

Every single one of our members does have cyber insurance. Not all of them have an external vendor like Critical Insight actively managing their network…There’s a perception that it’s super, super expensive, and when hospitals don’t have much cash on hand, it is a tougher sell to have them take some of those enhanced security measures that [companies like] Critical Insight would offer.

But again, as with the recent Ascension attack—and I do anticipate [there]will probably be one or two other large attacks in the next 12 months at a national level—we’re lucky we have the program in place. We will see more and more members engaged in it.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.