Frequently asked questions
Cyber insurance
Medical practices rely heavily on IT systems and technology to provide healthcare services, with confidential data such as medical records, business and employee files, financial records and personal information generally stored or accessed electronically. The loss of access or damage to your electronic data could be devastating to both your practice and patients.
No business is immune to the risk of a cyber incident. The threat of unauthorised access by a malicious third party, data breaches or loss of data due to the mistake of an employee, or failure of your backup generators causing damage to data on your servers can happen at any time. Practices need to manage these exposures and protect their digital assets through good IT security and insurance cover for when a cyber incident happens.
Avant Cyber Insurance has been designed to complement our existing suite of tailored practice products and services that work together to help you protect your practice and make running it easier, safer and more efficient. It provides peace of mind you have a level of protection for many of the common cyber risks your practice faces, now and in the future.
Avant Cyber Insurance is available under a group policy between Avant Insurance Limited and Liberty Mutual Insurance Company, trading as Liberty Specialty Markets (Liberty). Liberty is the fifth-largest property and casualty insurer in the world. You can rest assured Avant has partnered with an insurer with global cyber expertise and over 100 years’ of general insurance experience.
Avant Cyber Insurance provides protection against^:
- Damage to digital assets such as medical records, due to an administrative or operational mistake made by your employees or IT provider.
- Income loss (after a 12-hour time retention period) and other extra expenses incurred due to your practice being unable to access its data.
- Cyber extortion payments made to regain access to or restore your data from a malicious third party, where prior approval by the insurer is provided.
- Defence costs and damages awarded as a result of a claim against the practice due to malicious code being transferred to a third party’s network (excluding a provider).
- Crisis management costs incurred (with prior approval from the insurer) to protect the reputation of your practice after an insured cyber incident has been reported in the media.
- Forensic expenses incurred to investigate the source of unauthorised access to your network, or the failure of your computer security to prevent malicious or unauthorised use in a range of circumstances.
- Defence costs, fines and penalties (where insurable under law), resulting from a regulatory investigation into a privacy breach related to an insured cyber incident.
- Your liability if you unintentionally, in the publication of any content in electronic or print media, defame a third party, breach their right to privacy or infringe on their intellectual property rights or are found to be negligent.
^Cover is subject to the full terms, conditions and exclusions of the policy.
If you have a current Avant Practice Medical Indemnity Insurance policy, you will automatically have Avant Cyber Insurance included as part of your cover with Avant. You do not need to opt-in or take any further action.
Avant Cyber Insurance cover is an additional benefit for your practice with your Avant Practice Medical Indemnity Insurance policy. This is complimentary for all eligible practices, and no additional premium is payable.
Cover under Avant Cyber Insurance is provided to eligible medical practices that hold a current Avant Practice Medical Indemnity Insurance policy.
The cover is provided to the entity or entities named on your Avant Medical Practice Indemnity Insurance policy schedule, and their subsidiaries. The policy provides cover for claims made against the practice, including claims against your employees, directors, officers, partners, members or trustees, relating to acts or omissions committed while they were acting in that capacity.
Each practice has an aggregate limit of $100,000 for all claims made during the Avant Cyber Insurance policy period.
A total aggregate limit of $10,000,000 applies for all claims made by all insured practices under Avant Cyber Insurance during the policy period. All the entities insured under an Avant Practice Medical Indemnity Insurance policy share the per practice aggregate under Avant Cyber Insurance.
$5,000 in respect of an Insured Practice with combined gross billings that do not exceed $25,000,000 in the financial year preceding the commencement of the Policy Period; or
$10,000 in respect of an Insured Practice with combined gross billings that exceed $25,000,000 in the financial year preceding the commencement of the Policy Period.
12-hour time retention also applies to non-physical business interruption and extra expense claims (i.e. loss of income in the first 12 hours of your network interruption occurring is not covered).
Practice, business and public liability insurances are crucial to ensure the operational and physical risks of your business are protected, but they won’t necessarily cover your practice for damage or losses arising from a cyber incident. Furthermore, they are unlikely to cover your practice for damage to your non- physical or intangible assets, or your liability connected to the digital aspects of your business.
Traditional insurance covers were not designed to cover digital risks, so we have extended our suite of covers to include cyber insurance and provide more protection for practices against the emerging risks of a technology-dependent world.
If, as a result of any applicable sanction, prohibition or restriction, including under United Nations resolutions or the trade or economic sanctions, laws or regulations of Australia, the European Union, United Kingdom or United States of America, it is not legally permissible for the insurer to reimburse extortion monies paid by a medical practice, the insurer will not be able to make this payment.
If reimbursement by the insurer of extortion monies paid by a medial practice would contravene any applicable sanction, prohibition or restriction, then the insurer will not be able to reimburse the medical practice.
Prevention is better than cure. Safeguarding your practice by educating your staff and proactively managing your risk with simple tools and processes can substantially reduce the severity and impact of a cyber incident.
Avant has created an extensive library of resources and information to assist in protecting your practice against a cyber incident.
If you suspect your practice is experiencing or has suffered a cyber incident, you need to act quickly. The sooner you contact us, the sooner we can support you to get your practice back up and running.
Avant’s Medico-legal Advisory Service is available 24/7 in emergencies on 1800 128 268 for first response support.
If required, we will refer you to an expert cyber response and forensic specialist to help you minimise the impact of a cyber incident on your practice, staff and patients.
Not all cyber incidents require an emergency response. Your practice’s IT provider may be able to rectify an outage or provide access to your backups without additional support and this may be claimable under the policy.
To make a claim under Avant Cyber Insurance, you should notify Avant of your claim within 60 days of a cyber incident occurring by calling us on 1800 128 268 or emailing nca@avant.org.au. When notifying us of a cyber incident, please include:
- your Avant Company ID
- your Avant Practice Indemnity policy number
- contact details for your practice and (where necessary) your IT provider
- details of the incident, including when it happened and what work you have done in response to the cyber incident, as well as supporting documentation (including invoices/ receipts for costs incurred) relating to the cyber incident.
When someone accesses your network, they don’t always intend to cause damage immediately. Malicious code, including malware and ransomware programs, can sit undetected on your network for months, or even years.
That’s why Avant Cyber Insurance provides unlimited retroactive cover for your practice. The policy includes coverage for damage or loss to your digital assets during the policy period arising from unauthorised access that the practice was unaware of — even if your network was accessed before your cyber cover was in place.
Many practices lease part of their premises out to other medical practitioners or allied health businesses, and this may also include an agreement to host the tenant’s data and computer programs on your practice’s network. This means your practice may be responsible for your tenant’s data, even if you can’t access it. Your network may also be vulnerable to unauthorised access via their programs or computers.
Avant Cyber Insurance includes protection for damage to digital assets that belong to a medical tenant where you have an agreement with them for access to your network, which means your cover includes protection for the professionals that support your practice.