National
Public Radio and other news outlets are reporting that a Los Angeles-area
hospital recently paid a $17,000 ransom (in the form of 40 bitcoins) to hackers
to unencrypt its computer networks, which had
been held hostage after “ransomware” was introduced into the hospital’s
network. Ransomware is a form of malicious software, or “malware,” that
encrypts information or aspects of an organization’s computer network,
preventing authorized users from accessing it.
The persons who maliciously
cause the ransomware to be placed on the network, then demand money in exchange
for an encryption key to unlock the network. It is not difficult to see
the tremendous economic losses and liability risks of a ransomware attack, in
particular to a medical facility treating vulnerable patients.
There are a number of ways companies may protect
themselves, their personnel, their computer networks and their customers from a
ransomware, or other form of malware, attack; and insurance, including
cyberliability coverage, should be considered a key component of those
protections. Indeed, many cyberliability insurers include, or offer as an
option, coverage for “cyber extortion,” which may cover ransom payments to end
a computer security threat, such as in the Los Angeles hospital case.
In addition, #cyberliability_insurance may cover a
company’s costs to notify potentially affected persons and legal liability
(including the costs of defending against claims) in the event that a malware
attack results in the disclosure of confidential information. And the
insurance is often designed to respond, whether the malware is introduced by an
intrusion into the network by an outsider, or through the unwitting assistance
of an employee or authorized person, such as in a “spearphishing” attack.
As the cyberliability insurance market continues to
mature and evolve, policyholders should be aware of the scope of available
coverage, and should seek assistance when negotiating new or renewal
cyberliability insurance to ensure they obtain the most comprehensive coverage
available to fit their needs.
No comments:
Post a Comment