Healthcare systems rocked by labor and supply chain costs and broader economic difficulties have another difficult financial problem to manage: soaring cyber insurance costs.
Why it matters: That might not be sexy — or the first thing you think of when cybercriminals wreak havoc on hospital infrastructure. But the scale of the problem and the reluctance of insurers to cover losses from ransomware attacks are hitting hospitals in very real ways, Moody’s Investors Service points out.
Zoom in: Insurers have placed increased demands on healthcare systems to strengthen their defenses to secure coverage, such as strong data backup strategies, use of tools such as multi-factor authentication, employee training on network security and segmentation.
- They also create more complementary policies, experts tell Axios.
- “Social engineering attacks, such as phishing, remain one of the most effective ways to breach a hospital system. Labor remains the weakest link,” said Soumitra Bhuyan, an associate professor at Rutgers University who studied cyber insurance trends in healthcare. “So many insurers treat social engineering as a separate policy extension.”
- They also added major restrictions to coverage, including refusing to cover nation-state-backed cyberattacks.
- By the end of this month, global insurance and reinsurance market Lloyd’s of London will require all insurance groups to exclude state-sponsored cyberattacks from their policies.
- “With the increased rates and limited coverage, small independent and rural hospitals are at a significant disadvantage in obtaining cybersecurity insurance,” Bhuyan said.
- “The gap between those who have adequate resources to protect their information systems continues to grow,” Bhuyan said. “Many of these hospitals are critical access hospitals or hospitals in rural areas. They do not have enough resources to secure their IT systems and may be unable to recover in the event of a breach.”