2024 Data on Healthcare Cyber Liability and Ransomware Attacks

Every 7 seconds, 10 individuals in the US are affected by a healthcare data breach.

Recent data breaches and cyberattacks have underscored the critical importance of cybersecurity in the healthcare industry. In 2023 alone, the Department of Health and Human Services (HHS) reported a staggering 725 healthcare data hacks, exposing over 133 million health records. This marked a significant increase from previous years, with an average of two health data hacks occurring daily, as reported by The HIPAA Journal. Notably, the largest hospital breach of 2023 was the HCA healthcare data hack, which exposed 11 million records, highlighting the magnitude of cyber threats faced by healthcare organizations.

Most breaches by state. Research done by Intaprisehealth on Healthcare Data Breach Statistics

What Happened Recently?

Two major incidents have brought back to the spotlight the vulnerabilities of the healthcare sector to cyber threats. First, UnitedHealth’s Change Healthcare experienced a cyberattack that caused disarray to their prescription processing systems. This meant pharmacies all over the U.S. faced delays in getting prescriptions to patients. At around the same time, Lurie Children’s Hospital in Chicago faced a cyberattack that disrupted their communication systems and patient care operations. The hospital had to take its systems offline, including email, phone, and electronic systems,  for nearly two weeks.

Experts warn that this attack is part of a growing trend of foreign criminals targeting U.S. hospitals for hefty ransoms.

What is the cost of Data Breaches in Healthcare?

It’s essential to recognize that hospitals across the country are at risk for similar attacks through Q1 2024 already. The increased use of online technology in healthcare has expanded the digital attack surface, providing more opportunities for bad actors to penetrate networks.19 out of 20 healthcare organizations had at least one breach in the last few years. The average cost of such breaches for a healthcare organization is over $3 million dollars. The average cost per exposed, personally identifiable record is of $398. 

How are Data Breaches, Cyber Threats and Ransomware Attacks a Big Deal in Healthcare?

The healthcare industry depends on digital technology to care for patients and handle sensitive data. With more reliance on technology, there’s a larger risk of cyberattacks. These aren’t just about losing money; patient safety can be at risk, and the trust in healthcare institutions could further decline.

Healthcare records are worth so much more what credit card numbers are worth in the black market.

• Health care records are not so easily changed. 
• Basis for credit/insurance fraud. 
• Target for overseas intelligence. 
• High Quality, deeply personal.
• Obtain illicit drugs providing somebody else’s information. 
• Blackmail possibilities. 

What Did These Attacks Cause?

The cyberattack on Change Healthcare caused delays in prescriptions, affecting patients’ access to necessary medications. The cyberattack on Lurie Children’s Hospital disrupted communications and patient care, showing how these attacks can directly impact patient health and safety.

How Can Healthcare Protect Itself?

Cyber Liability Insurance is the first step. Why is Cyber Insurance Important?

A Cyber Liability policy is like a safety net for healthcare organizations. It helps cover costs such as legal fees, fines, and loss of revenue if a cyberattack happens. This insurance is special because it’s made for the unique risks of the healthcare industry, helping them handle both the financial blow and the process of investigating and cleanup of a cyberattack.

How can Healthcare Institutions work on enhancing their Cyber Security?

Items such as firewalls and anti-virus software on top of Cyber Liability Insurance all add an extra layer of protection. It can also encourage more and more healthcare organizations to beef up their security. Some insurance companies offer cheaper rates if an organization shows it has strong security measures in place.

Let’s go over the main threats to Data Security:

• Criminal Attacks such as DDOS or other tempering mechanisms.
• Lost of stolen computer.
• Unintentional employee actions.
• Third party mistake. Vendors, Clients, Providers, Software, etc.
• Technical System Glitches.

Choosing the Right Cyber Insurance

Not all cyber insurance is the same. Healthcare organizations need to find the right insurance program that fits their specific needs and risks. This means working closely with insurance providers to get coverage that matches their technology and potential vulnerabilities.

The Bigger Picture: Safeguarding Healthcare’s Future

Adopting cyber insurance isn’t just about dealing with the consequences of cyberattacks. It’s about making a proactive effort to protect patient data, ensure the healthcare business can keep running even after an attack, and maintain the trust of the patients and the public. By combining strong cybersecurity measures with cyber insurance, healthcare organizations can be better prepared for whatever cyber threats come their way, ensuring they can continue to provide care safely and effectively in our digital world.

Research done by Robbie Richards from Royal Jay on Healthcare Data Breaches.

Integrating Cyber Liability Insurance Services

How Can Specific Cyber Liability Services Enhance Protection?

If you are a healthcare provider looking for a reliable and comprehensive cyber insurance solution, Inszone Insurance is for you. Our insurance specialists are not only well-versed in cyber liability insurance for businesses of all sizes and industries, but we also have a team with extensive experience in the healthcare field specifically. Our team can offer customized policies that cover a wide range of cyber risks, such as data breaches, ransomware attacks, network failures, and regulatory fines. These insurance programs can also provide access to expert support and resources to help you prevent, detect, and respond to cyber incidents. With Inszone Insurance, you can rest assured that your healthcare organization is protected from the financial and reputational consequences of cyberattacks. To learn more about their cyber liability insurance and receive a free quote, visit our Cyber Liability page.

Amy Hieatt

Executive VP – North American Health Care Practice Leader

Amy Hieatt is an Executive VP – North American Health Care Practice Leader at Inszone Insurance Services, joining Inszone in September 2023. In her role, Amy is responsible for overseeing the strategic direction and day-to-day operations of Inszone’s national healthcare liability vertical, with a strong emphasis on maintaining a customer-centric approach.

Over the past 20+ years, Amy has dedicated her career to the property and casualty insurance sector, focusing extensively on the Medical Professional Liability and Professional Liability sectors. Prior to her role at Inszone, she served as the Managing Director at Connected Risk Solutions (formerly ABRisk Solutions), a national wholesale brokerage. Before that, Amy led Business Development efforts for NORCAL Group’s Admitted and E&S business lines, managing teams across four regional offices nationwide. She initially entered the insurance field on the retail side, holding the position of Executive Vice President at a regional retail agency that specialized in healthcare liability insurance.

 

Amy’s remarkable journey in insurance, spanning over two decades, is marked by her commitment to servant leadership, her impressive track record of achieving growth and retention, and her dedication to mentoring high-performing collaborative teams. Her expertise in the medical professional liability sector has earned her the admiration of her peers, recognizing her as a visionary leader and expert in the field.

 

In her time off, Amy is passionate about outdoor activities, advocating for animal rights, and finds joy in traveling and reading.

[email protected]

(480) 361-0047

Follow Us: