Cyber & Data Privacy Insurance

Your practice, your patients and your staff are at risk of a Cyber Attack now more so than ever before. MPRS’ Cyber Liability Insurance covers the consequences of these attacks and can be secured for as little as £27 per week.

The WannaCry attack of 2017 was a global ransomware attack affecting an estimated 200,000 computers in 100 countries. Although not specifically targeted at the UK’s hospitals, GP surgeries, and clinics, it affected a third of NHS trusts, leading to 19,500 cancelled appointments and leaving nearly 600 GP practices without their IT systems.

Email Spear Phishing attacks are the most common method used to break NHS mail systems, where scammers masquerade as colleagues to elicit cash from the practice and in some cases personal bank accounts. These fraudulent emails come from accounts set-up in the name of real people who work at GP practices, suppliers and CCGs. If money is transferred away from your practice, banks will no longer reimburse monies where an employee is negligent in allowing a fraudster access or duped into transferring funds.

A new guide from the Association of Independent Specialist Medical Accountants (AISMA) outlines five tactics that cyber thieves are using:


  • CEO fraud
    A staff member receives a message from a partner’s email address ordering them to make an urgent, confidential payment. They may not realise that the partner’s email has been hacked.
  • Vishing
    Victims are duped into giving away passwords and bank details by bogus callers. You may have read stories in the press about people being conned by callers posing as policemen or bank officials, but be aware that similar tricks can be used against surgeries. Vishing is a new version of phishing (email scams) while smishing (text scams) are becoming common too.
  • Malware
    Malicious files infect the victim’s PC and then monitor keystrokes to detect their password.
  • Ransomware
    Similar to malware except that the program blocks access to files until the victim pays a ransom fee.
  • Cyber extortion
    Also involves a ransom demand, but in this case the fraudsters threaten to leak confidential data or post malicious comments.

Cyber security breaches are never the result of something that could not have been prevented.