Summary
2020 was a year that saw many changes that particularly affected the healthcare community.
2020 was a year that saw many changes that particularly affected the healthcare community. But while U.S. healthcare workers remained on the front lines heroically battling the COVID-19 pandemic, another hidden menace has been steadily increasing in prevalence underneath the radar: Ransomware.
As more workers become remote and health organizations continue to make the shift to be more connected technologically due to the COVID-19 pandemic, the risk of ransomware attacks, as well as other forms of cyberattacks, has grown.
In fact, when examining the ransomware claims experience of Coverys insureds, Coverys’ ransomware claims increased over 66% compared to the average of the past four underwriting years.
Not only do businesses risk data being locked or having to pay a ransom, they can also experience a detrimental data breach due to a ransomware attack - one that has grown significantly in recent years.
But how can you fight an unseen, growing monster? Like the vaccine developed for COVID-19, the answer lies in developing a plan and taking action to prevent an attack before it has the chance to spread – and in having a safety net ready in the event of infection.
To protect a healthcare organization’s employees, patients, and data, a multifaceted defense system is required.
The typical initial infection is carried through a phishing email containing a link or attachment. Other infection opportunities include users inadvertently installing malware from the internet or from USB drives, and exploiting remote access using stolen or hacked credentials.
To defend against the initial phishing infection, there are a few steps an organization can take:
Data will be less secure at times to address the everyday aspects of sharing data with business partners, patients, employees and others. These standard business needs create the weak points that hackers are eager to exploit.
While prevention is the smartest strategy, it is not 100% effective.
When isolating data from the most recent fully developed underwriting year (2018), Coverys’ Cyber Liability and Protection Plus incurred losses increased over 110% relative to the previous four-year average – a number which demonstrates the need for a solid contingency strategy in the event of a cyberattack.
Just as healthcare organizations have a written plan for responding to potential natural disasters, they should also have a written plan for responding to potential data breaches. Therefore, it is equally important to be properly insured. Because in the age of technology and remote work, the question isn’t if, but when an attack will occur.
In the event of a breach, both your organization and your board could face lawsuits. There may be some overlap between D&O, general liability, and cyber policies, but one should not assume that one policy type will provide all the coverage needed if an attack occurs. Check D&O and general liability policies to see whether they cover cyber events, as well as cyber policies to see whether they cover board members within the Definition of Insured. Consult with your organization’s insurance broker to assess whether your insurance coverages meet your organization’s needs.
As more workers become remote and health organizations continue to make the shift to be more connected technologically due to the COVID-19 pandemic, the risk of ransomware attacks, as well as other forms of cyberattacks, has grown.
In fact, when examining the ransomware claims experience of Coverys insureds, Coverys’ ransomware claims increased over 66% compared to the average of the past four underwriting years.
Not only do businesses risk data being locked or having to pay a ransom, they can also experience a detrimental data breach due to a ransomware attack - one that has grown significantly in recent years.
But how can you fight an unseen, growing monster? Like the vaccine developed for COVID-19, the answer lies in developing a plan and taking action to prevent an attack before it has the chance to spread – and in having a safety net ready in the event of infection.
To protect a healthcare organization’s employees, patients, and data, a multifaceted defense system is required.
The typical initial infection is carried through a phishing email containing a link or attachment. Other infection opportunities include users inadvertently installing malware from the internet or from USB drives, and exploiting remote access using stolen or hacked credentials.
To defend against the initial phishing infection, there are a few steps an organization can take:
- Provide security awareness training to educate employees not to click on links or open attachments from suspicious senders and without carefully inspecting emails for signs of phishing.
- Provide for phishing and spam filtering at the mail gateway.
- Don't install/run programs unless they're from a reputable source.
- Restrict the ability of end-users to install software themselves or only allow installation from whitelisted sources.
- Only allow the use of trusted USB drives and don't allow execution from USB drives.
- Implement endpoint detection and response products to stop malicious code from executing.
- Require strong, unique passwords and multifactor authentication.
- Domain Name System filtering.
- Next-generation firewalls used to block unauthorized egress traffic.
- Reduce access privileges so users have the minimum access that they need in order to do their job.
- Regularly patch operating systems and applications, including web browsers.
- Harden endpoint systems and the use of endpoint detection and response products to stop malicious code from executing and privilege execution.
- Encryption.
- Audit logs.
- Regular backups and testing of those backups.
Data will be less secure at times to address the everyday aspects of sharing data with business partners, patients, employees and others. These standard business needs create the weak points that hackers are eager to exploit.
While prevention is the smartest strategy, it is not 100% effective.
When isolating data from the most recent fully developed underwriting year (2018), Coverys’ Cyber Liability and Protection Plus incurred losses increased over 110% relative to the previous four-year average – a number which demonstrates the need for a solid contingency strategy in the event of a cyberattack.
Just as healthcare organizations have a written plan for responding to potential natural disasters, they should also have a written plan for responding to potential data breaches. Therefore, it is equally important to be properly insured. Because in the age of technology and remote work, the question isn’t if, but when an attack will occur.
In the event of a breach, both your organization and your board could face lawsuits. There may be some overlap between D&O, general liability, and cyber policies, but one should not assume that one policy type will provide all the coverage needed if an attack occurs. Check D&O and general liability policies to see whether they cover cyber events, as well as cyber policies to see whether they cover board members within the Definition of Insured. Consult with your organization’s insurance broker to assess whether your insurance coverages meet your organization’s needs.