HITRUST announced in a press release earlier this week a partnership with Willis Group to identify a common approach to improve cyber insurance coverage and premiums for the healthcare industry by the end of 2015. The new platform will be the first industry-specific cyber insurance program and will leverage the HITRUST CSF and CSF Assurance program.

The Need for More Effective Guidance to Evaluate Cyber Risk

The increase in cyber-related threats, attacks and breaches has led to significant challenges for healthcare organizations trying to secure cyber risk insurance. Substantial premium increases and a reduction in available policy limits have reduced the ability of organizations to secure adequate coverage. At the same time, more healthcare organizations are requiring cyber insurance as part of their third-party assurance programs.

Currently, there is no generally accepted assessment and risk scoring method in the industry, and the evaluation and reporting of risk can vary significantly from one organization to another. We believe the HITRUST CSF, as the industry-standard security, privacy and risk management framework, can provide effective guidance in the cyber insurance process and, more specifically, provide guidance around evaluating residual cyber risk.

Lower Premiums for Greater Coverage Options

By leveraging the CSF Assessment, HITRUST and Willis believe there are efficiencies that can be achieved in the application and evaluation process. The policies will be more aligned with specific organizational cyber risk and with those organizations that can demonstrate strong security controls. By achieving CSF Certification or various scores on a CSF Validated report, organizations will have lower premiums for greater coverage options.

Improving Insurance Coverage and Premiums

The new Willis-HITRUST platform will improve insurance coverage and premiums for healthcare organizations by:

  • Making the process of securing cyber insurance easier, more efficient and more consistent by leveraging the HITRUST CSF, the healthcare industry’s most widely adopted privacy and security framework and model implementation of the NIST Cybersecurity Framework.
  • Improving the accuracy of risk assessments by using a robust assurance methodology that incorporates the ability to score the effectiveness of the organization’s controls.
  • Supporting the identification and ranking of information security controls associated with cyber risk and the impact of any changes in scoring.
  • Rewarding organizations that can document and demonstrate effective information security programs related to insurable cyber risks.

Willis and HITRUST expect the solutions to be available by the end of 2015.

We encourage organizations with questions to contact us at info@HITRUSTalliance.net.

HITRUST CSF: https://hitrustalliance.net/hitrust-csf/

HITRUST CSF Assurance Program: https://hitrustalliance.net/csf-assurance/