How Cyber Insurance for Healthcare Entities Is Evolving
Former Healthcare CISO Sumit Sehgal on Emerging Trends
The framework for how cyber insurance policies are designed for healthcare sector organizations is evolving, especially as more entities experience "high impact" ransomware incidents, says former healthcare CISO Sumit Sehgal.
Many existing policies have been in place for one to three years, he says. But as many of these organizations come up on their policy renewals, "they're going to see an uplift of premiums or deductibles … and they can definitely expect to see a change in coverage in respect to what the insurer will pay out in terms of ransom paid – if any."
Cyber insurers are more closely scrutinizing potential clients to ensure that "as part of the information security risk management process, there is appropriate due diligence given to continuity of operations" in case of a ransomware incident, he adds.
In this interview with Information Security Media Group, Sehgal also discusses:
- What healthcare entities may need to demonstrate to potential cyber insurer underwriters to gain approval for coverage;
- The roles healthcare CISOs should play in cyber insurance decision making;
- How the duties of healthcare CISOs are changing.
Sehgal is strategic product director for security vendor Armis. He has 20 years of experience in health IT and information security, including previously serving as CISO at Boston Medical Center and director of information security at The George Washington University Hospital. Before joining Armis, Sehgal was most recently chief technology strategist for McAfee.