6 Reasons Why Healthcare Organizations Need Cyber Insurance

The Changing Cyberattack Landscape

December 5, 2024


Cybersecurity is one of the most challenging issues facing companies today. Companies of all shapes and sizes are becoming cybercriminal targets. In addition, modern business operations involve reliance on third-party technology to sustain operations. No company today is immune from a cyberattack or a digital supply chain disruption.

Given the nature of healthcare provider operations, ransomware situations can be a matter of life and death. This makes companies in the healthcare arena a top target for cybercriminals who use sophisticated schemes to thwart modern cybersecurity.

In addition to being a prime target for cyberattacks, healthcare organizations are also more susceptible to cyber-related litigation, given the privacy laws and regulations associated with individuals' protected health information. Today, more than ever, healthcare providers must have a robust cyber insurance policy in place that provides extensive first-party and third-party coverage.

Stand-Alone Cyber Policy Protections

A properly structured stand-alone cyber policy provides coverage against financial losses associated with addressing a cyberattack—losses not typically covered by other policies. Here are six protections to consider:

  1. Ransomware: In a ransomware attack, bad actors encrypt files and lock your company’s network. They demand ransom, typically paid in cryptocurrency, in return for unlocking the network and not leaking data on the dark web. A cyber policy can provide money for the ransom and the hiring of a skilled negotiator. For healthcare organizations, a ransomware event can turn into a life or death situation, making partnering with a strong cyber insurance carrier with extensive ransomware negotiation experience that much more important.
  2. Business Email Compromise: In this type of sophisticated cyberattack, bad actors exploit compromised email accounts to conduct fraudulent activity. This attack can go unnoticed for months, during which bad actors silently monitor and extract data from emails, including confidential information. Although it may seem harmless at first, this can lead to significant financial and data losses and can be used to disrupt business operations in the future.

    Cybercriminals use social engineering and invoice manipulation schemes as their most common tactics to disrupt businesses. A robust cyber policy will include multiple fraud-related crime offerings to cover such attacks.

  3. Business Interruption: During a ransomware attack, a healthcare organization may be completely shut down and unable to operate, leading to a loss of revenue. Business interruption coverage reimburses for loss of income and expenses to restore operations due to computer system disruption caused by an attack on the insured’s computer systems.
  4. Contingent Business Interruption: This coverage protects a healthcare company from income loss and the costs of restoring operations if a third-party computer system, which the company relies on, experiences an interruption. Disruptions in the digital supply chain are increasingly common, particularly in the healthcare industry. Therefore, it's crucial to have safeguards in place to protect your business if a dependent partner becomes inoperable due to a cyber incident.
  5. Liability Coverage: A cyber liability insurance policy typically covers regulatory proceedings, civil and investigative demands brought by domestic or foreign governmental entities, and regulatory claims from a first-party cyber event. An example would be if a healthcare organization fell victim to a cyberattack and its patients filed a class action lawsuit afterward, alleging the organization didn’t do enough to secure their personal health information. Cyber liability coverage is essential for healthcare organizations due to laws that protect patients' health information.
  6. Bricking: When a cybercriminal installs malware on a device and renders it inoperable, it is known as “bricking” (i.e., turning the device into a brick). Bricking coverage will reimburse funds for replacing a component of your computer system to return it to its original pre-incident condition. Given the amount of operational technology healthcare organizations use that could be made inoperable, this coverage is especially important for them.

Cybersecurity Trends

Healthcare organizations should know about the following trends:

Double Extortion: Organizations have become better at protecting and backing up their cyber networks. For a bad actor, this means that a simple ransomware attack may not be successful; the target company may be able to continue functioning without paying the ransom. So, criminals have evolved and are launching “double extortion ransomware attacks” where, in addition to locking the network, they steal and threaten to release sensitive data unless the ransom is paid.

Supply Chain Attacks: A data supply chain attack, sometimes called a value chain attack or third-party attack, occurs when a bad actor infiltrates a company’s information technology system through a third party. Today, you must not only manage your internal network but also understand who has access to it and what you can do to minimize and potentially prevent a cyber event.

Contingent Business Interruption Claims: In 2024, multiple cyberattacks occurred in which one company was breached, but thousands were impacted. From the Change Healthcare event that impacted the healthcare industry to the CDK Global attack that impacted dealerships and the CrowdStrike outage that affected multiple industries, we see how a cyber event at one company disrupts the digital supply chain.

Operational Technology: Since 2022, attacks targeting operational technology have increased considerably. Historically, only nation-state-backed threat actors were known to target operational technology, but recently, there has been a spike in attacks from hacktivist groups. This makes sense, given the advancements in generative AI, which make conducting sophisticated cyberattacks on operational technology easier.

Healthcare Industry Claim Examples

What do cyber risks look like for healthcare organizations? Here are a few examples.

Change Healthcare: One Attack, Many Victims

In February 2024, Change Healthcare, a subsidiary of United Healthcare, fell victim to a ransomware attack. Nearly one-third of Americans' health data was breached. This attack prompted Change Healthcare to shut down its systems for several days while dealing with the ransomware situation.

Change Healthcare provides technology products that healthcare providers rely on for operations. Therefore, not only was this a first-party cyber claim for Change Healthcare, but because thousands of healthcare organizations across the country relied on its technology to sustain operations, this was also a contingent business interruption claim for companies that lost revenue due to Change Healthcare’s systems being down.

Ascension Healthcare: Attack Followed by Lawsuits Within Days

In May 2024, Ascension Healthcare was attacked by the Black Basta ransomware gang, which targets critical U.S. infrastructure, including the healthcare sector. The attack caused Ascension to take its systems offline for days. Ascension operates 140 hospitals in 19 states, making the impact of this event significant.

Days after the ransomware attack, a class action lawsuit was filed stating that Ascension Health had failed to implement reasonable and industry-standard cybersecurity practices. The claimants stated that because of the breach, they suffered damages, including invasion of privacy, theft of private information, and lost time dealing with the consequences of the data breach.

Ridgeview Medical Center: Cybercriminals Capitalize on Global Health Crisis

In 2020, Ridgeview Medical Center suffered a significant IT disruption caused by a ransomware attack from the Trickbot cybercrime group. Exploiting the urgency of the COVID-19 pandemic, Trickbot targeted critical health infrastructure, knowing hospitals needed to restore operations quickly. This attack was part of a broader strategy to create chaos and force swift ransom payments from healthcare providers trying to stay operational during the global crisis.

Helping You Understand Your Risks

Hylant’s Cyber experts assist healthcare organizations in identifying risk from an insurance perspective. We help you understand the probability of something happening, quantify the impact, and create a plan for protecting your people, assets and company finances.

The above information does not constitute advice. Always contact your insurance broker or trusted advisor for insurance-related questions.

Authored by

Bobby Platten

Risk Advisor

Cleveland

With 12 years of underwriting experience, Bobby has developed a deep expertise in assessing and mitigating digital risks for businesses. He excels at crafting tailored solutions to complex Cyber Insurance issues.
