By Vanessa Orr
It is imperative that healthcare companies carry cyber insurance; after all, protecting patients’ medical records is of the utmost importance. Unfortunately, as the threat of cyberattacks, including malware and ransomware increases, so do the rates for this essential coverage.
Matt Gracey
“We are now seeing our healthcare clients face cyber insurance renewal rate increases of between 45-90 percent,” explained Matt Gracey, managing director, Risk Strategies / Danna-Gracey. “Within the last three to four months, this coverage has gone completely crazy with much higher pricing, much more restrictive underwriting and more requirements placed on clients—like having multifactor authentication now as a base requirement for coverage—in practices of every size.
“This was happening even before the Russia/Ukraine situation and increasingly high threats of Russian cyberattacks on America,” he added. “Healthcare is the number one attacked industry in the cyberattack world, and we have to consider the fact that we could face severe disruptions in its delivery.”
Gracey noted that in 2017, hospitals in England and Scotland had to shut down emergency room care as the result of cyberattacks caused by WannaCry ransomware. “And those were more ‘normal’ times,” he said. “These are extraordinarily fearful times in the cyber-warfare world.”
In the past, the healthcare industry was mainly concerned with ransomware, but cyber experts are now predicting that ransomware attacks will decrease while more broad attacks designed to create havoc in the healthcare system will increase.
“To complicate the picture, not only have ransomware attacks been out of control for the last year, but now we have the Russians making cyberattack threats, and programs with zero-click vulnerabilities,” said Gracey. “These are really nasty programs, such as SolarWinds and Pegasus, where there is no action needed on the user’s part for cyber criminals to enter into their system.
“Layer all of this together, and it shows how vulnerable we have become and how important it is to make sure that the defenses we do have are up and functioning as fully as possible,” he added.
Gracey advises companies to focus on Cyber Hygiene 101—making sure they have installed effective anti-virus programs with strong passwords, and checking that their cybersecurity is updated.
“Many practices install good cyber security but forget to update the systems,” he said. “This is critically important to protecting yourself from cyber criminals.”
As cyber threats continue to rise, so will the cost of insurance coverage.
“Cyber insurance companies are in uncharted territory because there is not enough good actuarial data on cyberattacks to be able to make sound forecasts of where the rates should be in order to handle the risk exposure,” said Gracey. “It’s not like we have 50 years of automobile accident data, which makes it easy to determine the monetary risk. In the cyber world, there is no credible data to decide what we’re facing and what the rates for coverage should be.
“Five years ago, experts predicted that cyber insurance for healthcare would become more expensive than malpractice insurance,” he added. “I’m afraid we’re now seeing a march toward that trend.”
For more information, contact Matt Gracey at 800-966-2120 or visit www.dannagracey.com.
