Healthcare Practices: Cyber, HIPAA, and Coverage Gaps

Most practices land here because a vendor promise sounds broader than it is. The platform may come back. The practice still owns the patient relationship, the downtime, and a good chunk of the bill.

In a small office, cyber rarely stays in its lane. It spills into staff roles, patient communication, and the question of what the policy actually pays for.

Most owners arrive here after somebody says “the vendor handles that” and that answer does not feel complete.

This usually starts as a cyber question, then turns into workers' comp classification and malpractice cleanup. Cyber & Modern Operational Risk , Workers Comp & Employee Risk , and Professional & Management Liability .

Common questions people have

Start with the gap people usually notice first, then work outward.

What Your EHR Vendor Covers — and What Your Practice Still Owns Under HIPAA 5 min read
The software screen comes back on. That part feels like the problem is over. Then the real work starts. A dental office using Dentrix, Eaglesoft, ChiroTouch, or any other cloud-based system can have the vendor restore access and still be left holding the harder part: figuring out what happened, who has to be told, how long the office will run half-blind, and what it costs to clean up a mess that is now very much the practice's problem. If you want the broader frame first, start with Healthcare Practices and Cyber & Modern Operational Risk. This article is the narrow version of that conversation.
Why Phishing Is Still the Main Way Small Healthcare Practices Get Hit 5 min read
Small healthcare offices rarely get hit by movie-style hackers first. Most losses still start with one ordinary email that gets opened at the wrong time.
HIPAA Breach Notification Costs: Where the Money Actually Goes 5 min read
The expensive part of a HIPAA breach is usually not one giant fine. It is a stack of ordinary invoices that starts building right away.
What Cyber Downtime Looks Like When Scheduling and Billing Stop 4 min read
The office can stay technically open and still lose money all day. Cyber downtime usually shows up first in the schedule and the billing queue.
Workers' Comp Class Code Traps for Clinical Staff vs. Admin Staff 4 min read
Front-desk payroll and clinical payroll do not belong in the same bucket just because they work in the same office. Audit surprises usually start there.

Deeper explanations (if you want them)

If you want the policy structure and the math, go deeper here.

Standalone Cyber vs. BOP Cyber Endorsements for Small Healthcare Practices 6 min read
A BOP cyber endorsement can help with nuisance-level events. A real healthcare breach usually asks for more than that.
What a Small-Practice Data Breach Actually Costs 6 min read
The first bill is rarely the biggest one. Small healthcare breaches get expensive because the costs stack, one ordinary invoice at a time.

If you want a second set of eyes, this is usually where I start.