Healthcare organizations retain detailed personal and financial information, execute lots of financial transactions and use sophisticated systems (see our prior posts here & here), and are therefore a prime target for cyber attacks. Not surprisingly, attacks on healthcare organizations are common. According to Ponemon (see here) 89% of the surveyed health care organizations experienced a breach in the last 24 months.
Healthcare organizations are a prime target because the information can be used in a variety of ways, boosting its value. But cyber criminals have turned to an alternative approach to extract additional value from healthcare organizations – ransomware (also called cyber extortion, see here & here), and a few attacks have made headlines:
- Hollywood Presbyterian Medical Center (here, here & here)
- Kansas Heart Hospital (here & here)
- Ruby Heart Hospital (here & here)
In most ransomware cases, hackers are looking to disrupt businesses and make easy money rather than re-sell data. And ransomware is becoming more common across all businesses (see here, here, here & here).
With the increase in cyber-attacks against healthcare organizations, proactive IT security is vital, and organizations need to have procedures (and vendors) in place before an attack occurs. And Cyber Risk Insurance which includes coverage for ransomware attacks is also a critical component of any protection plan.
Cyber Risk Insurance policy forms vary widely and can be tailored to cover the cost of breaches, business interruption, credit card obligations and crisis management. While many policies include coverage for ransomware (or cyber extortion), not all are consistently broad.
Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber).