
The healthcare sector is increasingly being targeted by cyber criminals who are threatening day-to-day work and compromising confidential patient data.

There are multiple reasons for this. Private patient information is highly sensitive and, by extension, highly valuable to cyber criminals.

As an industry, healthcare often continues to employ outdated technology, which leaves it vulnerable to attacks. Despite the remarkable advances in medical technology, the IT systems deployed have not kept pace.

Furthermore, healthcare providers often have limited budgets for cybersecurity. The combination of high reward, multiple weak entry points and limited security has seen cyber threat actors zero in on the sector, with a series of high-profile breaches in recent years.

  • 25% of global healthcare business leaders surveyed said they are unprepared to face the current cyber threat.*

    Healthcare businesses are also under scrutiny from regulators focused on protecting private customer data. For example, in the US, the Health Insurance Portability and Accountability Act (HIPAA) places strict breach notification requirements on healthcare businesses. Any breach affecting over 500 individuals must be reported to the Office for Civil Rights (OCR) [6], which in turn paints a target on the backs of these institutions for plaintiff lawyers.

     

  • The risks are further compounded by the advent of sophisticated tracking technologies and data privacy concerns. A surge in litigation, sparked by revelations that numerous hospitals had implemented tracking pixels on their websites, has led to hundreds of class actions filed against healthcare entities.

    These pixels, often unbeknownst to patients, can share intimate details of their health concerns with third parties, breaching patient trust and privacy. As they grapple with regulatory pressures, budgetary constraints, and the increasing sophistication of cyber criminals, healthcare providers must remain vigilant and proactive in their cybersecurity efforts.

  • “Hackers and plaintiff lawyers are targeting healthcare. Two or three years ago, you would not get a data breach class action unless there were at least 500,000 people whose data had been exposed. Today we see class actions being filed when only 1,000 people’s information was disclosed.”

    Katherine Heaton
    Claims Focus Group Leader - Cyber Services & InfoSec Claims

* ‘Not very well prepared’ and ‘Not at all prepared’ answers combined.
[6] Breach Reporting | HHS.gov

The information set forth in this document is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Although reasonable care has been taken in preparing the information set forth in this document, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information. BZ CBR 119.