Cyber insurance provides an opportunity to address residual risk in your information security program by offsetting the costs of a data breach of ePHI. However, individual policies, coverage and exclusions are highly variable, so, just as with any security control, it's important to understand your security risk profile before an appropriate security insurance policy can be defined. An assessment, such as a HIPAA Security Risk Analysis, should be the first step in any insurance policy strategy. Here's why: A) You'll have to do it anyway, B) The safest approach is to avoid a breach in the first place, C) Your risk profile will enable a better tailored policy.
Here is an interesting recap of some of the top web incidents of 2009, along with some projections for 2010. It’s done by one of the guys at Breach Security. It includes a recap and some technical details on the TJX hack, Time’s ‘Most Influential Person’ poll abuse, fun with Twitter, and more. A good read and some good perspective. You need to disclose some info to download, but it's worth it.