South Florida Hospital News
Tuesday January 21, 2020


June 2019 - Volume 15 - Issue 12




Danna-Gracey Now Offers Free Employee Cyber Testing Program to Help Reel In Threats of Cyber Attacks

One of the top cyber threats a healthcare organization faces today comes from external creative exploits such as phishing. When a phishing exploit is successful, ransomware or cryptojacking can be deployed onto your corporate network. The cyber criminals behind these attacks are after patients’ protected health information (PHI), which is why hospitals, physician practices, medical groups and their business partners are among the most sought-after organizations.

“The financial world is also under constant attack by cyber criminals, but most banks and financial institutions have taken the proper steps to combat cyber theft because they deal with money (SEC) every day,” says Tom Murphy with Danna-Gracey, one of the largest independent brokers of insurance coverage for the healthcare sector.
Despite many warnings, Murphy points out that there are still many smaller and mid-sized medical practices and healthcare organizations that have not taken any action. Or if they have taken any action, it’s dated, weak and unable to protect them adequately from cyber exploits.
“These criminals can not only access personal details, such as their name, address, social security, date of birth, and credit card information, but they also get a patient’s personal health history. What they do is sell it on the black market or dark web to people who set up accounts and begin using someone’s health insurance,” says Murphy. “A credit card number may fetch a few dollars on the dark web, but medical records can fetch upwards of $300 in the healthcare identity fraud world. That’s why medical practices and hospitals are some of the biggest targets out there and must constantly evolve and improve their cybersecurity strategies.”
“Many larger facilities and practices are taking necessary steps to limit the use of connected devices and implement dual authentication methods to prevent breaches,” says Murphy.
“Many medical practices are still lagging in these areas and most practices believe they have sufficient protection and are naively overconfident,” he adds. “Unfortunately being 99% protected is 100% vulnerable.”
Murphy recalls a mid-sized orthopaedic practice in Florida that suffered two ransomware attacks within a two-week period. The practice sustained a serious interruption to its operations and a loss of revenue.
“Fortunately, they listened to advice from us and purchased the necessary coverage that paid them over 95% of the loss,” says Murphy.
There are several best practices your healthcare organization can adopt to avoid cyber threats such as ransomware and phishing attacks, according to Murphy.
“I cannot stress the importance of getting the C-suite and management involved to make sure that the proper employee testing and security awareness training is conducted on a regular basis and try to have one individual solely responsible for information security,” he says. “Also, hospitals and practices need to be more proactive in using resources to create a strong ‘human firewall.’”
But barriers still remain, acknowledges Murphy. One of the most glaring, he says, is that many smaller practices are not educated enough on cyber security threats and some lack the financial resources to invest in systems that will protect them.
“Larger medical facilities will have business people running the show—CEOs, COOs, and CFOs,” he says. “They are on the frontlines and see this stuff every day. They get it and understand how important it is to protect their organization. They also have the resources and the people to do this properly. The smaller organizations don’t have the people or the financial resources to take the proper steps and implement something. What they don’t realize is that the cost on the backend, if you have a breach or ransomware attack, is going to be far greater than the cost you will pay upfront to protect yourself.”
Danna-Gracey created this very robust cyber liability insurance program to assist with the education and training aspect for medical practices and provide insurance to protect them if and when a breach or cyber event occurs.
“This is not just insurance,” Murphy says. “What we are trying to do is educate and inform medical practices about cyber threats. This will test you and your employees on your cyber hygiene. The initial testing and evaluation is free and the training and retesting is very affordable.”
It will also meet compliance requirements for training and keeping records on every employee to show they are continuously trained and tested, he adds.
Danna-Gracey’s free program can get you started. It will help by assessing your current defense strategy through a phishing simulation at no charge. Crafty emails are sent out to all corporate email addresses. The results will help practice leaders analyze and evaluate the level of awareness among the employees. Once you have a better picture of the state of your email security, you can then develop a smarter strategy for shoring up your defenses.
“Cyber security is something you cannot mess around with,” says Murphy. “This should be on the top of your list of important things to take care of this quarter, not next.”
In addition to cyber liability insurance, Danna-Gracey also offers physicians’ professional liability coverage (med mal), workers’ compensation insurance, a robust cyber and regulatory defense coverage program, EPLI (employee practices liability insurance) coverage, as well as disability, life, and employee benefits.

For more information, contact Tom Murphy or Matt Gracey at 800-966-2120 or visit
