Protect Your Practice from Cyber Threats

Because data breaches can arise from many sources, cyber insurance is recommended for all medical practices. All TMLT policies have a cyber liability endorsement that provides a limit of $100,000.

Read about cyber claims here: Case Briefs — Ransomware and  Cyber fraud case study: Failure to recognize phishing email.


For TMLT policyholders, the embedded cyber insurance is provided for no additional premium. Policyholders also have an option to purchase higher limits.

The majority of cyber insurance policies include coverage to restore or recover lost or damaged computer programs and data; for breach response services for patient notifications and credit monitoring expenses; for crisis management and public/media relations; for cyber extortion and cyber terrorism; and for cyber crime/financial fraud. Some cyber liability policies also include coverage for the loss of revenue and extra expenses due to a business interruption.

Policies also typically includes coverage to defend claims related to security and privacy breaches resulting in the disclosure of confidential information; for regulatory investigations and fines and penalties; and for claims related to media liability alleging personal injury or invasion of privacy. Some policies also include coverage for errors and omissions.

How much cyber insurance to carry is a decision only you can make, based on your risk tolerance and your confidence in your current cyber security measures.

It is difficult to know how much a breach would cost. If all your patient records were breached, how many patients would that affect? If the breach is investigated by the Office of Civil Rights, it could take more than a year to resolve. Many hacking and ransomware attacks require a forensic analysis to be done as part of the investigation. These costs add up, and many practices carry higher limits.

Request information at cyber@tmlt.org.

Cyber threats require urgent attention and can quickly become catastrophic if not dealt with decidedly.

Cyber liability coverage helps your practice survive these incidents by covering losses from cyber-related events.

However, cyber insurance is not a substitute for a good cyber security program, as not all losses can be covered by insurance. The benefits of an effective cyber risk management program and disaster recovery plan include prevention of cyber losses; preservation of electronic data; continuity of business; fulfillment of commitments to patients; compliance with privacy and security laws; and protection of the practice’s reputation.

TMLT offers cyber security tools and resources to help physicians prepare for and mitigate breach incidents. Organizations often need external assistance with their risk assessments and privacy training.

According to IMB Rule 166.2, C Texas physicians are required to complete 48 hours of credit every 24 months. At least 24 credits must be from formal courses designated as AMA/PRA Category 1. At least two of the 24 formal credits must involve the study of medical ethics. The remaining 24 credits may comprise informal self-study, attendance at hospital lectures, grand rounds, or case conferences not approved for formal CME.