What You Don't Know...Can Hurt You
By Susan Decareaux, CPCU, RPLU, CISR
The following article is based upon an actual claim situation experienced by an SVMIC policyholder. The details have been altered to protect our policyholder’s privacy.
David, an employee of Dr. Jerome’s medical practice, was in college studying to become an IT Specialist. David was hired to manage the practice’s social media presence while he was still in high school. He posted updates to the practice’s Facebook account as well as helped to respond to any negative comments that were posted, and otherwise monitored the practice’s internet presence. With David’s advancing education, his duties expanded to include helping with cybersecurity and any other computer related issues, including setting up new equipment.
Sandra, the practice manager and David’s aunt, asked David if he thought he would be able to create a new website for the practice. Although David was not studying graphic design in school, he was aware of programs that assist in the creation of a website, and he jumped at the opportunity to help update the image of the practice and exercise some of his creativity.
David created an attractive, modernized and easy-to-use website that included an online appointment scheduler as well as links to the practice’s Facebook page. The website was launched and the practice received many compliments from current patients, as well as a few new patients that came to the practice after finding them online via their website.
About three months after the website was launched, the practice received a letter that alleged that one of the images on the website was used without an active license and therefore the use of the image was considered copyright infringement. Sandra asked David if he had checked for copyright on the images that he used on the website, and he said that he thought they were all royalty free but he could not say for certain. Sandra called SVMIC because she always called any time she had a question or problem.
Fortunately, for all involved, Dr. Jerome’s practice was insured with SVMIC and his policy included $50,000 of cybersecurity coverage through NAS. The cybersecurity coverage not only provides assistance for a cyber-breach or cyberattack, but also includes multimedia liability coverage*. Sandra sent a copy of the letter to an SVMIC claims attorney and when NAS was subsequently notified, they were able to assist Sandra in responding to it.
Multimedia liability provides coverage for third party claims alleging copyright/trademark infringement, libel/slander, advertising, plagiarism and personal injury for both online and offline media. The multimedia peril for which coverage is provided is defined as “the release of or display of any electronic media on your internet site or print media for which you are solely responsible and which directly results in …infringement of copyright, trademark, trade name, trade dress, title, slogan, service mark or service name…” (Cyber Security Endorsement (01.2015) (RL 2016) P22, Section II, Number 4).
It may not occur to policyholders in this situation to report a copyright infringement claim to their cybersecurity insurance carrier. The embedded coverage included in the professional liability policy through SVMIC is specifically designed for healthcare providers and each policyholder should consider whether the limits are sufficient for their situation. Along with multimedia liability and privacy breach response coverage, the endorsement includes coverage to recover and/or replace lost data, loss of income, cyber extortion and cyber terrorism expenses, and more.
In addition to the cybersecurity coverage through NAS provided in SVMIC’s medical professional liability policy, there are other tools available to our policyholders. SVMIC has partnered with NAS to bring our policyholders access to NAS cyberNET. This site features monthly cybersecurity updates, webinars and online training and support. Access this site at https://home.svmic.com/resources/cyber-security. In addition, SVMIC’s Medical Practice Services offers consulting and training related to cybersecurity and HIPAA.
*Cybersecurity coverage is subject to terms, conditions and exclusions not described in this article. The information contained in this article concerning cybersecurity insurance is intended to give you an overview of the coverage available. None of the information—including any policy or product description—constitutes an insurance policy or guarantees coverage. The policy contains the specific details of the coverages, terms, conditions and exclusions and coverage determination is made by the company at the time of a claim.
 All names have been changed for confidentiality
The contents of The Sentinel are intended for educational/informational purposes only and do not constitute legal advice. Policyholders are urged to consult with their personal attorney for legal advice, as specific legal requirements may vary from state to state and/or change over time.