Skip to main content
MorningsideHealth & Risk

I had a HIPAA breach — what does the carrier cover and what's on me?

The cyber policy typically covers: forensics, breach coach legal fees, mailed notifications (often $7–$15 per letter at scale), call center setup, credit and identity monitoring, public relations, and OCR investigation defense costs. Fines and penalties may or may not be covered depending on policy form — most modern policies cover regulatory fines where insurable by law, but some exclude HHS/OCR penalties specifically. What's typically on you: ongoing remediation costs beyond the response period, reputational damage, settlements and structural remediation HHS imposes (Resolution Agreements often include 2-year corrective action plans). Confirm regulatory fine coverage scope on your specific policy.

Category
Business Insurance
Audience
For existing clients
Topic
Cyber & Privacy

STILL HAVE QUESTIONS?

We answer the same business day.

If yours isn't covered here, schedule a consultation and we'll get you a clear answer.