Cyber Liability

  • Has your front desk staff ever attached and sent the wrong file to a patient?
  • Are your vendors HIPAA compliant and are they properly protecting your patient information?
  • What happens if the server that runs your EMR system goes down? Do you have coverage for that?

Cyber liability coverage offers protection for network security and privacy-related exposures, such as lost or stolen laptops or theft of patient data.

Physician: $100,000 per claim / $100,000 per policy period
Entities: $100,000 per claim / $500,000 per policy period

Higher limits — up to $3 million — are available for purchase. Request a quote for higher limits here.

Our cyber liability policy includes coverage for:

  • BrandGuard — coverage for lost revenue as a result of an adverse media report or customer notification of a security or privacy breach.
  • PCI-DSS Assessment — coverage for claim expenses, assessments, and fines imposed by banks and credit card companies due to non-compliance with payment card industry data security standard (PCI-DSS) or payment card company rules.
  • Proactive breach response costs: coverage for public relations expenses incurred in response to a privacy breach, but prior to the publication of an adverse media report, in an effort to mitigate the impact of such a report on the policyholder's reputation.
  • Voluntary notification — coverage for expenses incurred in notifying affected parties of a privacy breach where there is no requirement by law to do so.
  • Regulatory fines and penalties — coverage for administrative fines and penalties a policyholder is required to pay as the result of an investigation by the federal, state, or local government agency for a privacy breach (such as HIPAA, HITECH, and state or federal notification requirements).
  • Patient notification and credit monitoring costs — includes legal, IT forensic, public relations, advertising, call center, and postage expenses incurred by the policyholder to notify third parties about a breach. This coverage will also pay for credit monitoring for all affected parties.
  • Network asset protection — includes costs to recover and/or replace data that is compromised, damaged, lost, erased, or corrupted.
  • Multimedia — coverage for claims alleging copyright/trademark infringement, libel/slander, advertising injuries, and plagiarism.
  • Cyber extortion — coverage for demands for funds under the threat of:
    • releasing confidential information of a third party;
    • introducing malicious code;
    • corrupting, damaging, or destroying policyholder data;
    • restricting or hindering system access (including denial of service attack);
    • electronically communicating with patients or customers claiming to be the policyholder in order to obtain personal/confidential information; and
    • pays cyber extortion expenses, but expenses can only be incurred with TMLT’s consent. Also reimburses cyber extortion funds paid (with TMLT’s consent) to terminate the threat.



  • Dependent business interruption — covers income loss and interruption expenses incurred if the computer system of an IT service provider or business process outsourcing provider goes down.
  • Cyber crime — covers losses incurred due to (1) wire transfer fraud; (2) fraudulent use of an insured telephone system; and (3) phishing schemes that impersonate your brand, products or services, including the costs of reimbursing your customers for losses they sustain as a result of such phishing schemes. Subject to $2,500 deductible.


< back to coverage types >