Health care systems are becoming increasingly vulnerable to malicious hackers, with cyber insurance premiums rising and the nature of such attacks becoming dangerously uninsurable.
The likelihood of attacks in the health care sphere, isn’t just a case of ‘if’ but ‘when’, reports Home Health Care News.
As such, health care providers have been under immense pressure from insurers to harden their defences through stronger data back-up strategies, multi-factor authentication implementation, increased employee security training and network segmentation, in order to secure cyber coverage.
However, despite their efforts, health care companies’ success in obtaining policies has fallen short due to a multitude of coverage restrictions and price inflations.
Many insurers have reported huge upticks in their premiums, leading to a wealth of individual health systems being unable to afford cyber policies to ensure adequate protection.
Moody’s Analyst, Matthew Cahill declared; “The cost of insurance is rising and it’s coming at the worst time for health care. There’s not a lot of wiggle room.”
Moreover, the retraction of coverage from previously held all-encompassing policies has caused a significant blow to many health care firms.
When cyber insurance first emerged in the early 2000’s, protection was most often included as a part of other policies.
Since, cyber criminals’ offences are growing in sophistication and the persistence of attacks has become unmanageable to pay out.
Risk Strategies’ Senior Vice President and National Cyber Risk Practice Leader, Rob Rosenzweig, informed how the amounting danger and accounts of successful hacks have therefore led insurers to rethink holistic coverage, as such plans are under-priced for the amount of risk policy providers are now exposed to.
Thus, since 2019, this has led to a retraction in coverage, with cyber insurance manifesting into predominantly standalone policies in 2023.
Companies now must invest into further add on plans to protect their institutions from increasingly discerning threats.
“Insurance is becoming unaffordable or frankly unavailable for a lot of small- to medium-sized issuers,” Omid Rahmani, Associate Director at credit rating agency, Fitch Rating voiced.
More recently, in the wake of the Ukraine war, exclusions of state-backed attacks in all policies have been introduced across the board, given the extreme risk from the volatile political economy.
“So many insurers treat social engineering as a separate policy extension,” Soumitra Bhuyan, an Associate Professor at Rutgers University commented.
Indeed, from April 2023, LLoyd’s of London have stated the requirement for all insurance groups in their global and reinsurance marketplace to permanently exclude state-backed cyberattacks from all their policies.
With the alarming forecasts of cyber insurers’ refusals to cover nation-state backed cyber-attacks all together, health care systems run the risk of complete collapse if an attack was to occur and ultimately the start of a patient safety epidemic.
Infiltration of hospital intelligence doesn’t just risk the exploitation of personal data or damage financial health, but in the instance of health care, malicious infringement of patient records poses a detrimental risk to life.
Fortified Health Security CEO, Dan L. Dodson, warned; “In the health system space, we’re seeing organisations go down for weeks and months, literally diverting care. It’s one thing for a patient record to be exposed, and nobody wants that. But it’s an entirely different set of circumstances when you can’t deliver care.”
“With the increased rates and limited coverage, small independent and rural hospitals are at a significant disadvantage in obtaining cybersecurity insurance and may be unable to recover if a breach happens,” Bhuyan disclosed.
Ultimately, Zurich’s CEO begged the question; “Are cyber threats becoming so risky as to become uninsurable?”
Will health care systems be able to ensure adequate cyber protection for themselves, their institutions and patients?