The healthcare industry has undergone many changes in recent years, particularly centered on new technologies for managing patient encounters and facilitating treatment. Electronic patient records and telemedicine options are some of the primary technologies adopted by healthcare facilities. In the wake of the COVID-19 pandemic, these technologies allow healthcare delivery without direct contact between caregivers and patients. Unfortunately, with new technologies come new risks; healthcare cyber liability concerns related to criminal activity have risen dramatically. Many experts believe these emerging cyber liabilities will continue to linger far beyond the end of the pandemic, necessitating a careful look at the risk management strategies available to healthcare organizations.
Cyber Criminals Targeting Enterprise Systems and Patient Data
Across industries, information technology professionals have experienced a sharp uptick in cyber criminality. In the healthcare sector, hackers have intruded into networks to interfere with information-sharing between health organizations. In the Czech Republic, the hospital responsible for managing COVID-19 testing for the country was the victim of a cyberattack, necessitating the shutdown of the facility’s network. Similar attacks targeted the U.S. Department of Health and Human Services (HHS) and the World Health Organization (WHO).
Healthcare systems have been a prime target for criminals, owing to the value of patient records, which may contain Social Security numbers, banking information, and sensitive personal details. When criminals gain access to patient data, this information is often sold on the black market, netting millions of dollars in illicit profits. Healthcare cyber liability exposures may include:
- Malware – programs designed to look like legitimate apps, but redirect network traffic or data to criminal enterprises.
- Ransomware – holding data or networks hostage until a ransom is paid to cyber criminals.
- Distributed denial of service (DDoS) attacks – flooding healthcare networks with traffic to disrupt operations.
- Social engineering hacks – individuals posing as members of an organization to gain access to sensitive passwords and healthcare data.
Healthcare Cyber Liabilities: Emerging Threats
The COVID-19 crisis has ushered in new operational practices, including those used in the healthcare industry. Remote work has become an integral part of many businesses, allowing employees to work from the safety of their own homes. Unfortunately, because these remote work options are relatively new and unfamiliar to many employees, hackers have taken advantage of weak security practices to gain entry into critical networks. This trend is expected to continue after the pandemic is contained, potentially costing healthcare organizations millions of dollars in insurance claims, forensic investigations, and legal exposures.
The “Internet of Things” (IoT) is also a potential weak point for cyber criminals to exploit. Internet-connected medical devices and mobile communication and computing technologies often exist under a patchwork of security settings and protocols, or may be relatively exposed to criminal activity. The pandemic has only increased the reliance on these connected devices. Once a hacker gains entry to a network from a connected medical device, access to enterprise and patient data is but a few mouse clicks away.
Managing Healthcare Cyber Liability
Healthcare organizations know that the COVID-19 pandemic has altered business operations, forcing employees and managers to approach work in new ways. With the adoption of technologies to make the transition smoother, cyber criminals have leveraged security weaknesses to gain access to enterprise systems.
It is imperative that organizations address their healthcare cyber liability exposures, employing robust risk management strategies backed by comprehensive cyber liability insurance solutions. Training employees on secure computer access practices and password management can foil many malware, ransomware, and social engineering hacks. Adopting best practices in terms of IT network intrusion detection and security goes a long way toward eliminating criminal activity. It is a good idea for healthcare organizations to carefully review existing insurance coverages and to identify any coverage gaps that may lead to liability exposures. With these practices, healthcare facilities can stop cyber criminals in their tracks, protecting sensitive business and patient data and helping to ensure business continuity.
About U.S. Risk
U.S. Risk, LLC. is a wholesale broker and specialty lines underwriting manager providing a wide range of specialty insurance products and services. Headquartered in Dallas, Texas and operating 16 domestic and international branches, U.S. Risk and its affiliates would like to help you access a world of new markets and products. For more information, contact us today at (800) 232-5830.