Unfortunately, healthcare and ransomware go together. Healthcare organizations, particularly medical practices, facilities and specialized healthcare vendors, are prime ransomware targets and should make sure that they have comprehensive Cyber Insurance to obtain the best protection.
Ransomware has become the attack vector of choice due to its effectiveness (here). In the early days, criminals would blast out phishing emails to many recipients hoping to get a small number of victims to pay $500-$1,000 each. Then a few targeted attacks against hospitals (here) demonstrated the disruption that an effective ransomware attack could have and the potential for a significant ransom payment. The business interruption losses from a ransomware attack were so high that ransom payments of $20,000 to $50,000 seemed like a small price to pay, and the value of ransom payments went up. More recently, municipalities have been prime targets due to lax IT security and the potential for substantial extortion payments (here, here), with some payments exceeding $500,000.
Healthcare continues to be a prime ransomware target. In additional to hospitals, other healthcare targets can be lucrative targets of ransomware attacks. And Cyber Insurance can be the difference between survival and failure.
For example, a small medical practice in Michigan suffered a devastating ransomware attack (here, here, here, here) resulting in the demise of the business. A phishing email introduced the ransomware malware which encrypted all of the practice’s electronic data. The practice was unable to access schedules, patient records or payment information. The ransom demand of $6,500, small by comparison to other attacks, was not paid and the criminals deleted all the practice’s records. Rather than attempting to rebuild the practices, the owners shut the practice down. The medical practice did not have Cyber Insurance to provide incident response services or financial resources to recover from the attack.
Other examples include:
An Ohio-based practice administrator paid a $75,000 ransom payment to unlock data encrypted by a ransomware attack (here). In addition to the ransom payment, the practice estimated losses of $30,000 to $50,000 per day over approximately three days.
A non-profit youth social service suffered a ransomware attack and paid the ransom demand (here).
A surgical healthcare facility in Washington paid a $14,000 ransom demand after the attack compromised patient records (here, here).
While ransomware is the leading attack vector today (here), it is not the only cyber exposure facing healthcare organizations. As noted in a prior post (here), healthcare organizations face other cyber including breaches of confidential healthcare information, theft of money from social engineering fraud and HIPAA fines.
Like many business segments, healthcare organizations are typically digitally connected with many other organizations, including specialized vendors. A cyber security incident at one entity can create cyber exposures at other digitally connected entities. A recent ransomware attack at a medical billing company entangled many other healthcare organizations (here, here).
Cyber Insurance is essential for all healthcare organizations for protection from both criminal attacks, such as ransomware attacks, and from employee errors. Coverages vary widely, and so a thorough review is essential to ensure that comprehensive coverage is in place. Yet 70% of healthcare organizations do not have comprehensive Cyber Insurance according to a recent survey (here, here).
A comprehensive Cyber Insurance policy will provide resources for an organization to recover from a ransomware attack. Insurers will typically offer 24/7 incident response resources to assist insureds in quickly addressing an attack. Comprehensive standalone policies will typically provide coverage for the extortion payment and for business interruption losses. Depending on the specifics of an attack, other Cyber coverages may also be triggered.
eSpecialty Insurance is your specialty insurance expert. We have developed a streamlined marketplace to provide multiple proposals from a range of competitive insurers, along with expertise to help you evaluate your exposures and choose the best combination of comprehensive coverage and price. We look forward to working with you.
Nice article, These tips are really awesome, really like your post.
Everything is so much clearer with your tips in the article. keep going.
Posted by: Linda | April 01, 2020 at 09:00 AM