Healthcare Ransomware on the Rise

An increase in ransomware attacks against healthcare organizations has increased the potential damages from cyber-attacks beyond the release of detailed customer data.  Not only is the exposure increasing, but the need for comprehensive Cyber Risk Insurance is more important now than ever.

Ransomware involves using malware to encrypt a victim’s data, and then requiring a payment in order to get a key to unlock the data (see here).  Not all Cyber Risk Insurance policies fully cover the consequences of ransomware attacks.  Cyber Risk Insurance (also called Data Breach, Privacy and Network Security insurance coverage) policies are not all the same, and comprehensive coverage is important to protect clients. 

An attack on the Hollywood Presbyterian Medical Center early in 2016 was the first major ransomware attack that did significant damage (see here).  This attack resulted in operating challenges that were likely more disruptive and expensive than the actual payment of the ransom.  Other similar attacks on healthcare organizations followed (see here).

Healthcare will continue to be a target in the future because of the value of healthcare records and the wide distribution of data (see here).  Not only has there been a shift in extortion attacks to healthcare, including smaller organizations, the attacks have become more targeted and destructive.  What can we expect in the future, from KrebsonSecurity (see here):

What we can expect is not only more targeted and destructive attacks, but also ransom demands that vary based on the attacker’s estimation of the value of the data being held hostage and/or the ability of the victim to pay some approximation of what it might be worth.

Or consider this (see here):

Organizations must be better prepared to deal with future strains of ransomware that will be more sophisticated and damaging, with fragile infrastructure, poor network hygiene and slow detection rates all currently giving adversaries too much time and air cover to operate.

Strong cyber risk management is critical in protecting healthcare organizations, along with Cyber Risk Insurance.  Cyber Risk Insurance is an essential coverage for businesses of all sizes for protection from both criminal attacks and employee error; it should not be optional.  Coverages vary widely and can be tailored to cover the cost of breaches, forensics, business interruption, credit card obligations, PCI assessments and crisis management – as well as extortion. 

Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber).  We excel at hard to place accounts, including Cyber Risk Insurance for hospitals, physicians and other healthcare organizations.