Cyber risks your organization may face:

• IdentitytheftresultingfromlostorstolenPHIfrommedicalrecords,SocialSecurityorcreditcardnumbers,driver’slicensesorfinancialinformation.

• Costlye-vandalism.

• FederalandstategovernmentlawsuitsandinvestigationsconcerningPHIsecuritybreaches.

• Class-actionclaimsresultingfrombreachesinyourPHIdata.

• E-businessinterruptionduetoasecurityfailureoranInternetvirus.

• Cyberextortionthreats.

• Costsrelatedtoprivacynotification,crisismanagementanddisasterrecovery.

The Solution: CyberSecurity by Chubb for Health Care Organizations

• Privacynotificationexpenses,includinghealthcarerecordsmonitoringandrestoration.

• Privacynotificationexpensesprovidedonavoluntarybasis.

• Premierprivacyinjury,includingcoverageforclaimsallegingactualorpotentialunauthorizedaccesstotheprivateinformationofnaturalpersons,aswellasthenon-publicinformationofthird-partyorganizations.

• Coverageforwrittenrecordsbreaches.

• Regulatorydefensecostsandfines,penaltiesandconsumerredressassociatedwithactualorpotentialunauthorizedaccesstoprivateinformation.

• Flexibility,withcoverageprovidedonareimbursementbasis,orChubb-controlledcounselandvendorselection.

• Number-of-affected-personscoverageoutsidethelimitavailableforqualifyingrisks.

• LossPreventionConsultantServicesReimbursementProgramcanreimburseapercentageofthecostofqualifiedcyberlosspreventionservicesandreferralresourcestospecializedcyberattorneys,vendorsandserviceproviders.

• Onlinenetworksecurityriskassessmentresultinginacomprehensivereportofyourcompany’sexposures(uponrequest).

• Combinedthird-partycyberliabilityandfirst-partycyber-crimeexpensecoveragesinoneworldwidepolicy.

Why does your organization need cyber insurance?

• Stealthy external hacking of health care organization computer networks causes the majority of personal health information (PHI) data breaches today.1

• Any health care organization can be at risk under the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 or associated state laws. In fact, health care organizations account for more than 40% of all data security breaches reported across all industry segments nationwide.2

• Health care organizations face heightened regulatory scrutiny, increasing the scope of fines and penalties for health care data breaches.

BuSINESSINSuRaNCEHEaLtHCaRE

CyberSecurity by ChubbSM for Health Care Organizations

Know-how when you need it. Broad protection to help keep you covered. Doing more to shield you from the risk of data security breaches.

With more efficiency and reliance on data also comes more risk—leaving your organization vulnerable to cyber security threats. That means you could face significant out-of-pocket and reputational costs that can devastate your organization’s bottom line.

Even if your organization uses state-of-the-art data-security controls, your assets may still be at risk. That’s why we created CyberSecurity by ChubbSM for health care organizations.

Chubb Group of Insurance Companies | www.chubb.comChubbGroupofInsuranceCompanies(“Chubb”)isthemarketingnameusedtorefertotheinsurancesubsidiariesoftheChubbCorporation.Foralistofthesesubsidiaries,pleasevisitourwebsiteatwww.chubb.com.actualcoverageissubjecttothelanguageofthepoliciesasissued.Chubb,Box1615,Warren,NJ07061-1615.

Form14-01-1101(Rev.6/15)

• accesstoChubb’seRiskHub®,anonlineriskmanagementportalthatcanhelpyourorganizationreducethechanceofabreachorlossoccurringandbolsteryourincidentresponseplan(IRP).thisfreeresourcealsooffersdownloadablematerialsincludingatemplateIRPandBusinessassociate(Ba)contract.

Learn MoreContact your agent or broker today or visit Chubb online.

The cost of a health care data breach averages $316 per record, compared

to $201 per record for all industry segments combined.3

1“NursingHomesareExposedtoHackerattacks,”WallStreetJournal,February18,2014.

2“2013DataBreachCategorySummary,”IdentitytheftResourceCenter.

3“2014CostofDataBreachStudy:unitedStates,”thePonemonInstitute.

Designed to do more

Chubb’scybersolutionforhealthcareorganizationsisdesignedtoaddressawidearrayofrisksassociatedwithhealthcareservicedelivery.

• Third-party cyber liability coverage for:

Disclosure injury,governmentandclass-actionlawsuitsallegingunauthorizedaccesstoordisseminationofpatients’PHI.

Reputational injury,includingsuitsallegingnegligenceinfailingtokeepPHIsecure,libel,slander,defamationandinvasionofprivacy.

Impaired-access injury,includingsuitsarisingfromsystemsecurityfailureresultinginyoursystemsbeingunavailabletocustomers.

Content injury,includingclaimsarisingfromcopyrightandtrademarkinfringement.

Conduit injury,includingclaimsarisingfromsystemsecurityfailuresthatresultinharmtothird-partysystems.

• Optional first-party cyber-crime expense coverage for:

Privacy notification expenses(onalimit-of-liabilityornumber-of-affected-personsbasis),includingthecostofcredit,identityorhealthcarerecordsmonitoring,andrestorationservicesforaffectedcustomers.

Crisis management and reward expenses,includingthecostofforensicandpublicrelationsexpenses.

E-business interruption,includingfirst-dollarextraexpense.

E-threat,includingthecostofaprofessionalnegotiatorandransompayment.

E-vandalism expense,evenwhenthevandalismiscausedbyanemployee.

The Solution: CyberSecurity by Chubb for Health Care Organizations (continued)