Change Healthcare ™ Attack Highlights Often Overlooked Cyber Insurance Coverage

By Shawna Bertalot, CIC, ACI, WisMed Assure President

Shawna Bertalot

Many health care practices rely on a third party for access to their EMR and for billing. This creates a “contingent” or “dependent” risk. The February 21 cyberattack on Change Healthcare changed the world for many patients and health care providers. The March 14 and March 28 issues of Medigram included resource links and information on potential payment programs for Part A and Part B providers impacted. For practices and organizations that contracted with Change Healthcare™ to facilitate the electronic transfer of medical documentation and billing for all their insurance claims, revenue stopped, expenses continued and funding programs from Optum and CMS/Medicare have not been comprehensive solutions.

Cyber Insurance programs can provide additional coverage for a scenario like this, but only if the policy includes Business Income or Business Interruption coverage and includes Contingent Business Interruption or Dependent Business Interruption coverage. Without contingent or dependent coverage, your policy would only respond if the cyberattack were on your organization and would not respond if the attack were against a third party upon whom you are dependent. We discussed the importance of comprehensive cyber insurance in the November 2, 2023 issue of Medigram and the Fall 2023 issue of The Antidote.

Important Considerations for Cyber Insurance Coverage:

  • Cyber insurance policies do not always include contingent or dependent coverage.
  • Cyber coverage included as an add-on to other policies, like a business owners’ package or medical professional liability, typically do not include this coverage.
  • Business Interruption or Business Income options are not automatically covered.
  • Paying claims for cyber policies is complicated and typically requires forensic information technology and legal review to confirm the breach or attack. This can take weeks or months before any payment will be made.
  • Policyholders must provide proof of loss and that the incident in question directly resulted in the policyholder’s loss of income, without regard to whether an event has been widely reported in the news.
  • Deductibles and waiting periods will apply.
  • Reach out to the insurance carrier as soon as you become aware of an incident, before you hire your own consultants, and respond promptly and completely to their requests for supporting documentation. Your insurer will have specialized relationships at pre-negotiated rates.

If you are concerned about your Contingent or Dependent Risk and wondering if your current cyber insurance policy has coverage, how that coverage works or if you can obtain coverage, contact your WisMed Assure agent or

Note: This article is for informational purposes only and should not be considered as insurance advice related to your specific policy or situation. Please consult with a qualified insurance advisor or professional before making any policy decisions. Full disclaimer and contact information.

Leave a Reply

Your email address will not be published. Required fields are marked *