The Growing Importance of Cyber Insurance in Healthcare
3 Mar 2021
Over the years, the healthcare sector has become more invested in and reliant on technology to provide care. With the arrival of Covid-19, these requirements have escalated even further.
An acceleration in telemedicine and other varying forms of online, digital, or software-based treatments and services also demonstrates a growing cybersecurity threat within the healthcare sector. These threats can affect large and small organisations alike, and education and resources should be invested within the healthcare sector to minimise cyber-related incidents. Today, Servca looks at the varying examples, exposures, and steps that can be taken to try and minimise cyber threats.
Please note that this article is intended to serve as value-adding information, and you should consult with a professional when taking steps in arranging cyber liability protections.
What is Cyber Security?
The National Cyber Security Centre states that "cyber security's core function is to protect the devices we all use (smartphones, laptops, tablets, and computers), and the services we access - both online and at work - from theft or damage".
What are some examples of Cyber Security threats?
Ransomware - a type of malware that infects systems and files, making them inaccessible until a ransom is paid. When this occurs in the healthcare industry, critical processes are slowed down or become impossible.
Data Breaches - can be caused by many different types of incidents, including credential-stealing malware, an insider who either purposefully or inadvertently divulges patient data, or the loss of a laptop or other device with confidential information on it.
Insider Threats - the insider presents a threat because they have indisputable access to the systems and knowledge of the network's capabilities and weaknesses.
Fraud - scammers use a compromised account or fake email to trick employees into initiating a money transfer to an alternative (fraudulent) account. The scammers almost always pretend to be a person of power within the organisation.
Why is the Healthcare sector at higher risk?
Private patient information is worth a lot of money – records can be sold on the dark web for close to £1,000, 200 times the black-market value of a financial record.
Medical technologies are an easy access point for attackers – the use of devices, computers, servers, and software provides an increased number of entry points for attackers to focus on.
Data is often accessed remotely, allowing more opportunities for attacks.
Healthcare staff are not educated and trained enough in online risks.
Extensive network of connected medical devices – particularly within larger organisations, it is not easy to manage and stay on top of all these devices.
Outdated technology means the healthcare sector is ill-equipped for attacks.
Steps that can be taken to improve Cyber Security in Healthcare
Cybersecurity training for staff and employees - Mandatory training ensures that all employees know their role in keeping the organization's systems and data safe. It keeps them mindful of the most common cyber threats.
Apply regular system checks and software updates – developers regularly release updates for their applications and software, and keeping patches up to date limits opportunistic threats.
Controlled System Access - granting a specific employee the system privileges they need to execute their job effectively will ensure a monitored and considered approach to accessing and using the systems.
Regular Risk Assessments - Conducting a technology risk assessment at least once a year allows organisations to detect new threats before third parties exploit them.
Data Recovery - Data loss is far worse than unauthorized data access. It not only damages the organisation's reputation but can also cause a crippling effect on the way services and treatments are rendered. Therefore, a data recovery mechanism will ensure data is intact if the information on systems is rendered unusable due to a breach.
Case Study – WannaCry
In May 2017, the National Audit Office (NAO) reported that more than a third of NHS trusts in the UK were affected by the WannaCry ransomware attack. WannaCry, which spread to more than 150 countries globally, was a form of malware that encrypted data on infected computers and demanded a ransom roughly equivalent to £230. Approximately 7,000 NHS appointments were cancelled as a direct consequence of the incident, including those of around 140 people potentially with cancer, who had urgent referrals rescinded. An evaluation of 88 out of 236 trusts discovered that none passed the necessary cyber-security specifications.
Our Summary
As you can see from the case study we have highlighted, organisations of any type and size can be affected by cyber-attacks, with devastating effects. Furthermore, within the healthcare sector specifically, a cyber-attack or incident can consequently result in a claim of medical malpractice. In the WannaCry case study, we highlighted that nearly 7,000 NHS appointments were cancelled. If one of these patients fell ill, they could try to file a negligence (or misdiagnosis) claim. Since most cyber policies have a bodily injury exclusion, it is vital to check that relevant and essential coverages are in place to protect against a host of claim scenarios. If you wish to learn more about cyber liability in the healthcare sector, get in touch with us at Servca. We are an owner-managed Lloyd's of London insurance brokerage focusing on the healthcare and regulated sectors, and it is our priority to ensure you are protected.
Global Headquarters
Servca Group
Dukes House
32-38 Dukes Place
5th Floor
London, EC3A 7LP
United Kingdom
+44 (0) 207 2250000
info@servca.com
Broker at Lloyd’s SLM1389
European Office
Servca Europe
Dragonara Business Centre
Dragonara Road
5th Floor
St Julian’s, STJ 3141
Republic of Malta
eu@servca.com
Broker at Lloyd’s (Brussels) SLM1883
Canadian Office
Servca Canada Insurance Group Inc
40 King Street West
Suite 2100
Toronto
M5H 3C2
Canada
canada@servca.com
Non-regulated servicing company
Northern Ireland
Servca Northern Ireland
River House Belfast
48-60 High Street
Belfast
BT1 2BE
+44 (0) 2895582000
ni@servca.com
Broker at Lloyd’s SLM1389
© 2024 Servca
Servca Group Ltd is a private limited company registered in England and Wales; Registered Number: 7727494; Registered Office: Dukes House, 32-38 Dukes Place, 5th Floor, London, EC3A 7LP, United Kingdom. Authorised and regulated by the Financial Conduct Authority. Servca European Insurance Brokers Ltd (a private limited company incorporated in Malta and enrolled to act as an insurance broker); Tower Business Centre, Level 3, Tower Street, Swatar, BKR, 4013, Republic of Malta. Servca Canada Insurance Group Inc, a private limited company incorporated at 40 King Street West, Suite 2100, Toronto, M5H 3C2, Canada. Servca group of companies are owned and operated by Servca Group Holdings Ltd, a private limited company registered in England & Wales.