Viewpoint: Acknowledge and Plan for Health Care Cybersecurity Dangers – Claims Journal

It’s no secret that the health care industry is a prime target for cybercriminals. Despite efforts to combat ransomware, legal experts have seen a 66% increase in ransomware claims compared to the average over the past four underwriting years[1]. And data breaches are as common as ever. A 2021 study[2] found that from 2018 to 2021, there was an 84% increase in the number of data breaches against health care organizations, impacting 14 million individuals in 2018 and jumping to 44.9 million in 2021.
To help protect from these attacks, knowledgeable claims directors, risk managers, and senior adjusters have an opportunity to help health care clients recognize and plan for the risks associated with cyber breaches and attacks.
Cybercriminals are capitalizing on the increasing value of health care data and the industry’s reliance on interconnected systems and devices. Medical records are a virtual treasure trove, containing the patient’s full name, address history, financial information, and Social Security numbers—enough information for hackers to take out a loan or set up a line of credit under patients’ names.
Increasingly, hackers are selling the information for profit on the black market. According to a Trustwave report, a health care data record may be valued at up to $250 per record on the black market, compared to $5.40 for the next highest value record (a payment card)[3]. Black market buyers then have everything they need to create fake IDs to purchase medical equipment or drugs, or to file a false insurance claim.
IBM reports that the global average cost of an attack on a health system rose from about $7 million to over $9 million in 2021[4]. Further, remediating these violations can be far more expensive. High-profile cases provide insight: a breach at Universal Health Services cost $67 million, the University of Vermont spent $54 million to recover from an attack in 2020, and Scripps Health lost $112.7 million.
With the potential monetary impact on the rise, one can understand why cybersecurity has caught the attention of boards of directors and C-suite executives at organizations across the country.
By educating health care leaders about the dangers of cybercrime, risk managers and senior adjusters can help them make informed decisions about how to protect their organizations.
Examining how breaches occur can help to establish processes and procedures to mitigate risk.
Phishing, the practice of embedding malicious links in a seemingly authentic email, is health care’s most prevalent cybersecurity threat. When a link in an email is clicked, users are directed to a web page that may look like a login screen for familiar software. Once the user submits their credentials, cybercriminals use the information to access health care systems. In spear-phishing attacks, the effort is personalized to the individual targeted, increasing the likelihood that the recipient will click.
As mentioned previously, ransomware attacks are also a growing threat amongst health care providers. During a ransomware attack, malware is injected into a network (usually through a phishing attack) to infect and encrypt sensitive data until a ransom is paid.
The health care industry also suffers a disproportionately large number of data breaches compared to other sectors. HIPAA specifies strict requirements for protecting health records and additional sensitive information from unauthorized access, yet health entities struggle with implementing security controls.
In addition, distributed-denial-of-service (DDoS) attacks, which flood targeted servers with fake connection requests forcing the servers offline, pose devastating threats to operations and are an effective tactic as part of a ransom scheme.
Health care leaders can make informed decisions about protecting their organizations from cybercrime with proper education and awareness. The answer lies in developing a multifaceted defense system.
To avoid the first phishing assault, organizations should:
To defend systems against initial malware infiltration, consider two important modes of protection:
To thwart malware once it is past initial defenses:
Suppose the malware was able to execute and encrypt data. In that case, the following tactics could identify what data was affected, whether it was exfiltrated from the network and whether it could be recovered:
Forward-thinking organizations understand that it’s time to take proactive steps. In addition to disrupting operations and eroding consumer trust, the organization and its board of directors could face lawsuits in the event of a breach. As a breach is detected, response time is critical. Therefore, it is vital that health care organizations have a written plan for responding to potential data breaches, which includes whom to contact in the event of a cyber-incident and how that notification process works.
And it is equally vital to encourage health care organizations to invest in a good cyber insurance policy that will cover the cost of ransomware payments and other expenses. From understanding what exposures a cyber-liability insurance policy provides coverage for, to how much coverage is sufficient, one should not assume that one policy type will provide all the coverage needed. Look into D&O and general liability policies to see whether they cover cyber events, as well as cyber policies to see whether they cover board members within the Definition of Insured.
The health care industry is under constant attack from cybercriminals. Some days it feels like the wild west. Knowledgeable insurance professionals can help health care organizations recognize and plan for the risks associated with cyber breaches and attacks.
[1] https://www.coverys.com/Knowledge-Center/Cybersecurity-for-Healthcare-Providers
[2] https://cybersecurity.criticalinsight.com/2021_H2_HealthcareDataBreachReport
[3] https://www.fiercehealthcare.com/hospitals/industry-voices-forget-credit-card-numbers-medical-records-are-hottest-items-dark-web
[4] https://www.ibm.com/security/data-breac
[5] https://www.coverys.com/knowledge-center/healthcare-as-a-target-of-cybersecurity-issues