Healthcare facilities are attractive and vulnerable targets for cyberattacks. Understanding the cyber landscape and having the right insurance team in place is just the first step to stopping cybercrime.
When it comes to hospitals and other medical facilities, cyberattacks are not as far away as you might think. Because these systems are highly attractive to cybercriminals.
“Threat actors used to can do to infiltrate medical networks, have the opportunity to Ransom an organization…hMedical institutions have a lot of protected medical care information, i.e. be A treasure trove for sale on the dark web by threat actors. There it is Each piece of data has a lot of value,” said Stephanie Snyder Frenier, senior vice president of CAC Specialty’s Professional and Cyber Solutions Practice.
In addition, the vulnerability of healthcare facilities makes them easy targets for criminals.
According to the Department of Health and Welfare data, In 2023, there were 630 ransomware incidents against healthcare organizations worldwide. According to some information, 460 of them were in the United States. Statista reportthe average data breach cost for healthcare organizations over the past few years has reached nearly $11 million.
“handThe thugs are after the money, and that money is in health care,” Snyder-Frenier said. “the It’s that simple. ”
So what are these facilities for?
A treasure trove of vulnerabilities
Healthcare facilities large and small have several key factors in common that make them attractive targets for cybercriminal activity. As Snyder-Frenier stated, the amount of sensitive information stored within the healthcare system is enormous.
Another is that the industry is dependent on technology.
Stephanie Snyder Frenier, CAC Specialty Division, Senior Vice President, Professional and Cyber Solutions Practice
Charts, data, doses, etc. are documented for each patient on the health system’s portal. Medical equipment ranges from X-ray machines, insulin pumps, defibrillators to heart rate monitors. This means there are many different pieces of equipment with varying levels of monitoring that can be used as entry points for attackers. And of course, outdated technology can open the door to cybercriminals.
And when that technology is not available, patients suffer.
“IIf an attacker can take a hospital offline and hold it for ransom, necessarily There’s a sense of urgency and timeliness to restore access to all the technology that hospitals need to operate,” Snyder-Frenier said.
As attacks increase, so too do stories about physical injury and patient risk related to cyberattacks.
In one example, Düsseldorf hospital faces ransomware attack In 2020, the system was locked down, causing emergency departments to turn away patients because they could not accept new patients. One woman, who was diverted during the incident, died because she was not found in time.
Two years later, report detailed the story of a three-year-old boy who was given five times the prescribed amount of painkillers thanks to a cyberattack that prevented staff from accessing digital tools.
“In recent years, we have seen a number of attacks focused on causing some kind of disruption to services, particularly in hospitals and healthcare systems. Threat actors are focused on forcing hospitals and health systems to pay ransoms so they can regain access to their networks and provide health care services to patients,” Snyder-Frenier said. said.
deviation from the norm
This means that the nature of the attack may also change. Most recently, UnitedHealth Group’s payment management system, Change Healthcare, was compromised in February.
“What makes the Change Healthcare attack unique is that in this case, the attackers targeted a technology provider that is a linchpin within the larger U.S. healthcare ecosystem,” Snyder Frenier explained. “Change Healthcare is a clearing house that processes both claims and prescriptions. Cybercriminals took over 100 applications offline and attacked them, cutting off the ability of healthcare providers to process claims and prescriptions. It also impacted the ability to obtain prior medical authorization.”
According to Change Healthcare’s website, its systems process more than 15 billion billing transactions annually, with one in three patient records passing through its systems.
This wasn’t just a “typical” data breach or ransomware event. This was an attack on the technology infrastructure behind healthcare systems across the United States. This can lead to significant business interruptions for affected facilities, forcing providers to seek alternative processing clearinghouses to issue bills, fill patient prescriptions, and pay additional fees. can no longer occur or occur. expenses during that time.
“This means that for the larger cyber insurance industry, all of Change Healthcare’s customers will incur dependent business interruption losses that may be charged under their cyber insurance policies in terms of potential net income. “We showed that there could be larger downstream effects that could result in not only losses, but also additional costs,” Snyder-Frenier said.
This is just one example, but it illustrates the ever-changing nature of cybercrime and the devastation it can cause to organizations across the country.
insurance against incidents
The rise in attacks has cyber insurance companies on high alert, and rightly so. A breach is an expensive event, and cyber insurance companies want to underwrite the risk appropriately. (FYI: UnitedHealth Group $3.3 billion We request the provider to improve the current situation. This number is likely to increase as the breach and its aftermath are still under investigation.)
Because medical institutions protect health information, “They were buying cyber insurance from the beginning,” Snyder Frenier said. “Cyber insurance is a great backstop against these types of risks that businesses face, both in terms of data breaches and business interruption. Cyber insurers also need to be more targeted in their underwriting efforts to ensure that healthcare providers have appropriate cybersecurity controls in place, as they are particularly targeted by threat actors. There is no doubt about it. ”
Good cyber insurance companies offer tabletop exercises, business continuity plans, and other partnership opportunities to prevent attacks and keep hospitals healthy in the event of an event.
However, using services and finding the right one is not always easy. Snyder-Frenier noted that brokers can play a big role in making sure both insurance companies and medical facilities are on the same page.
“Much of the value of cyber insurance comes down to coverage for the use of vendors for data forensics and incident response, as well as lawyers advising from a legal and notification standpoint regarding data breaches,” she said. . It comes from cyber insurance, and the key is that a true partnership is established. ”
Claims-paying ability should be one of the top priorities healthcare providers look for in their insurance partners. “Here, brokers really have a role to play in ensuring that carriers that participate in cyber insurance programs are well-tested and understand the risks that healthcare organizations face. Because by comparison, this is a unique risk,” Snyder Frenier explained.
“We also discuss business interruption risks, so we cover the full spectrum of policies. Brokers with a particular focus on cyber insurance and that as an area of expertise know which carriers are best suited for the claims process. We can advise our clients on who is the right partner for them.
“There is a carrier for every buyer. Different buyers come into the market with different needs when it comes to cyber insurance,” she concluded. “While not a one-size-fits-all panacea, a broker can play an important role in finding the right panacea for you.” &
