Cyber Insurance Basics for Digital Health



If you’re building a digital health solution, you might be surprised to know that most hospitals and healthcare systems require application developers to have cyber insurance policies in place before app testing or trials begin. 

In fact, companies will often get asked to provide insurance details when filling out a Vendor Security Assessment (VSA), part of the enterprise sales process.

To developers, this might seem like another hoop to jump through and an additional burden.

To hospitals, it’s a smart way to mitigate the risk associated with unfamiliar tools, and protect IT environments and health data from disruption or harm.

A few years ago, MedStack began partnering with fellow Canadian company Zensurance to help digital health innovators more easily overcome this hurdle. 

Zensurance is Canada’s leading online commercial insurance brokerage and is transforming the way startups and small businesses manage their commercial insurance needs. 

According to Zensurance Co-Founder and CEO Danish Yusuf, “Cybersecurity insurance is critical for anyone holding sensitive medical information. However, in order to get this insurance, one has to convince an insurance company that the underlying technology and databases are highly secure, conform to all regulatory requirements, and are managed by someone with deep experience in the field. MedStack’s platform accomplishes this in a consistent, rigorous manner.”

Below, we share some of the most frequently asked questions we’ve encountered from innovators in the healthcare space. Special thanks to Harry Cardy, Team Lead, New Business at Zensurance for taking the time to provide us with these answers.

Disclaimer: These responses are for information purposes only. Every business owner should have a licensed broker walk them through the details of any and all coverage lines to ensure their understanding.

What kinds of insurance coverage do I need to consider as a healthcare application innovator?

Every business is unique, and insurance requirements will vary based on industry, specialization, and location; however, there are three primary coverages recommended for all healthcare application innovators: 

Professional Liability Insurance provides coverage against incidental financial loss & bodily injury arising from your services and negligence or failure to deliver a service as promised.

Cyber Liability Insurance, which protects against the unauthorized disclosure of client information (critical for the healthcare space), in addition to losses related to an electronic incident, such as the cost to repair your systems after a breach, notification costs, reputation management, etc.

Commercial General Liability Insurance protects against third-party bodily injuries (e.g., slip-and-fall) and property damage. This coverage is highly recommended for anyone who rents an office or visits clients.

My application is still in development. Do I need to obtain insurance before I start selling my solution?

Mistakes can happen at any time. It is recommended that application developers purchase coverage before generating revenue or signing a contract. 

How should insurance be set up for a Canadian company operating in other markets?

Most of the policies sold by Zensurance provide coverage for Canadian businesses operating and generating revenue in foreign markets (e.g., US, Europe).

Is it true that most cyber insurers require data security testing before coverage is issued? How do I prepare for this?

Most insurers like to see that you have adequate security measures in place to mitigate risk (e.g., daily backups, firewalls, anti-virus protection, encryption, etc.). However, a security test isn’t required to obtain a quote.

Do I need cyber insurance if my application is HIPAA compliant?

Yes, cyber claims are becoming increasingly common. It is highly recommended that all businesses protect themselves against electronic incidents with Cyber Liability Insurance.

What happens in the event of a breach or cyber attack? Am I off the hook if I have coverage? 

Cyber Liability Insurance is designed to cover costs associated with electronic incidents involving your technology systems and customer data.

As businesses move into the digital space, cyber losses are becoming more common, making it challenging for business owners to protect themselves from cyber-attacks.

If hackers or cyber criminals infiltrate your business network, take over your website, hold data hostage, or steal sensitive client information, you can be held liable for the incident besides taking care of the recovery costs.

Your Cyber Liability Insurance policy could cover costs related to incident response, legal and breach management, system restoration, system business interruption, and social engineering. Speak with a Zensurance broker to see which coverage is right for your business.

How does Zensurance work, and how does it compare to using a traditional brokerage?

Since 2016, Zensurance has quickly emerged as a leader in the insurance space, revolutionizing how business owners find and purchase insurance for their businesses.

By leveraging process automation and analytics to identify the most common risks, Zensurance rapidly creates industry-specific insurance packages. Small business owners no longer have to wade through endless forms; they can purchase at their convenience within minutes online.

With over 50 insurance partners, Zensurance has serviced over 150,000 small businesses and sold 10,000 policies across numerous industries. It is the most advanced business insurance platform operating across nine Canadian provinces.

Looking for additional info? Check out this article for more on how cyber insurance can help you sell your healthcare app.

Image credit: Arthur Bowers from Pixabay