Why Cyber Insurance is important for Healthcare Institutions

Anushri

•

Healthcare Security

•

Sep 27, 2023

In an IBM data breach report, they found that the average data breach cost for the healthcare industry was about $10.1 million, more than double the global average data breach cost of $4.35 million and the highest of any industry. With this level of risk, cyber liability insurance is a must, especially with all the risks that the industry faces.

Considering that the Office for Civil Rights (OCR) will fine healthcare businesses for failure to implement proper data security policies, it’s worth knowing that in 2022 it took an average of 207 days to identify a data breach and 70 days on average to contain it.

The most common reasons why healthcare organizations are targeted include the following:

Large amounts of sensitive information - Healthcare institutions handle large amounts of protected health information (PHI), personally identifiable information (PII), and other sensitive medical records that make them attractive targets for cybercriminals. The value of the data also allows cybercriminals to demand higher ransoms after a ransomware attack.
Use of legacy systems and technology - Many hospitals are still transitioning from outdated systems and legacy hardware and software. The transition process can make a healthcare center vulnerable to cyber attacks since the totality of the data is not yet stored or processed securely. The use of outdated hardware or software is also a risk factor because they tend to have vulnerabilities that cybercriminals can exploit to gain unauthorized access to personal data.
Multiple departments - A complex organizational structure can lead to communication and security challenges. Many hospitals are segmented by department or location, each with its own security policies, which can expose security weaknesses that threaten the safety of private data throughout the health center.
Outsourcing to third parties - Healthcare organizations often contract third-party providers for specific services. Working with third-party service providers introduces new risks if they are not up to par with their cybersecurity practices, especially if they are allowed access to critical data.