New Reports Show an Increase in Patient Data Breaches

March 21, 2019

Data from 2018 Cyber insurance claims reflect a rise in business email compromise (BEC) and ransomware, according to reports recently issued by several Cyber Liability insurance providers. BEC is a social engineering attack in which cybercriminals use compromised email credentials or spoof a legitimate email address to try and trick an employee into making an electronic payment to a bank account controlled by the cybercriminal or, in some cases, to transfer sensitive data. Ransomware is a type of malicious software that restricts access to an infected machine, typically by systematically encrypting files on the system’s hard drive and then demanding payment of a ransom to unlock the machine. The payment is usually in the form of cryptocurrency, such as Bitcoin.

The health care industry was among the top most targeted industries last year along with financial institutions, professional services, manufacturing, hospitality, and real estate. According to one report, 2018 saw a three-fold increase in breaches of health records, exposing more than 15 million records. The most common cause behind a cyber loss in the health care sector is due to employee negligence followed by ransomware. In fact, the data from one insurer showed cyber incidents caused by employee negligence in the healthcare industry went up 25% in 2018 over 2017.

Across all industry segments, including health care, the largest costs associated with cyber claims include IT forensics and breach coach/legal expenses. IT forensics expenses involve investigation of the breach, examination of what data may have been exposed or exfiltrated, cryptocurrency procurement and payment and data decryption and/or system restoration. Breach coach/legal expenses relate to legal fees paid to manage the breach response, coordinate vendors, and pay defense costs.

To address the expanding and emerging complexity of cyber attacks, the insurance industry is among those creating products to respond to this risk. Cyber premiums in the U.S. in 2018 were $2 billion, according to Fitch Ratings, and poised for continued 25% CAGR through 2023. In addition, most recently it was announced that some of the world’s biggest insurers plan to work together on an assessment of the best cyber security defenses available to businesses, underscoring the rising dangers posed by digital hackers. The program will evaluate cyber security software and technology sold to businesses, with participating insurers sizing up the offerings, and identifying the products and services considered effective in reducing cyber risk. The results will be made available to the public.

Manchester Specialty Programs is also committed to protecting the health care industry, including the home health care and hospice sector, by providing solutions to respond to the proliferation of cyber attacks. Our solutions include comprehensive coverage as well as valuable proactive cyber management and loss prevention assistance through our carriers and third-party consultants. For more information about our Cyber Liability insurance solutions and how you can assist your clients, please contact us at 855.972.9399