A recent analysis of 2017 cyber claims data unearthed some compelling findings. The report, 2018 Cyber Claims Digest, which was produced by NAS Insurance, found that for the healthcare industry negligence by employees or third-party service providers continued to be the most common cause of loss. The same was not true for non-healthcare organizations, where a hacking attack was the most common cause.
However, the second most common cause of loss was the same for both groups: ransomware.
“The methods used for ransomware attacks are becoming more sophisticated,” says Jeremy Barnett, senior vice president of marketing at NAS. “Spam email remains a tried and true method: one in six spam email messages comes bundled with ransomware. However, in 2017, criminals also tended to target specific companies.”
When sifting through the data, NAS identified some key claims from 2017 to illustrate how ransomware attacks can blindside a company. In a scenario in which a healthcare organization was targeted, employees of a hospital were not able to access their email accounts. After conducting an investigation, the hospital’s IT department discovered that a ransomware attack had infected 70 servers and 600 workstations.
“The hospital had to close operations for two business days and suffered losses in relation to the event,” Barnett says. “Cyber insurance covered a total loss of $567,350.”
That amount was distributed as follows:
Ransom Amount: $9,350 – The hospital was forced to pay the ransom demand from cyber criminals in order to regain access to their servers and workstations.
Data Recovery: $76,000 – Numerous employees had to work overtime to recreate lost data from back-ups.
Business Interruption Expenses: $65,000 - Several surgeries had to be cancelled resulting in loss of income.
IT Expenses: $417,000 – Consultants were retained to immediately address the ransomware attack, secure data, investigate if any patient health information was compromised, and rebuild the hospital’s network.
“Between 2016 and 2017, there was a 152% increase in ransomware as a cause of loss for healthcare cyber claims,” Barnett says. “The threat is typically to divulge or destroy information, to insert malicious code into a computer system or to damage, destroy or prevent access to a computer system. The monetary demand varies in both amount and the currency: the demand might seek payment in American dollars, a foreign currency or a cryptocurrency.”