The U.S. health insurance industry faces increasing risks from cybersecurity threats due to the increasingly sophisticated techniques used by cybercriminals in the expansion of remote healthcare delivery and the increasing digitization of insurance transactions, clinical records and billing.
Health insurers and related third parties who fail to inventory and protect sensitive customer information face increased financial, reputational, operational and regulatory risks from cyber attacks, according to Fitch Ratings.
Health insurers process large amounts of sensitive data when processing claims or downloading patient information. This data is protected by federal laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Various laws in the United States, such as health information technology for economic and clinical health (HITECH) the 2009 Act and the Patient Protection and Affordable Care Act (APACA) has fostered increased digitization of health records.
Health insurers sensitive to cyber attacks
This data makes insurers a prime target for phishing, ransomware or man-in-the-middle attacks. For insurance networks, there is a risk of malware being inserted into legitimate data with each interaction with a customer or a third party. Networks of healthcare providers are susceptible to breaches, with risks increasing as more providers and their employees work remotely.
In addition, personal medical monitoring devices often do not have built-in security features to accompany Internet access, allowing external access to health and patient records.
The increased uptake of remote health services brought on by the pandemic has improved patient access to care, which could improve clinical outcomes and reduce insurance costs in the long term. However, this increased reliance on technology has also increased exposure to third-party software systems and vendors.
Insurers pay close attention to and devote significant resources to data security, recognizing the tremendous value of identifiable health data to cybercriminals and the growing financial and reputational repercussions of a successful intrusion.
However, their systems are certainly not impenetrable, as evidenced by the notable breaches of recent years, and remain exposed through interactions with external parties such as vendors and third-party vendors who may not have the resources to protect themselves. against sophisticated attacks.
Ransomware attack insurance claims increase
Cyber security is a huge administrative expense and can reduce returns with the increasing frequency of attacks. The key to reducing risk is identifying gaps in the areas of security and IT systems where the risks to critical assets are greatest, including hardware and software on mobile devices, laptops, computers, and computers. workstations and servers.
Insurance claims related to ransomware attacks have increased dramatically, prompting operators to increase premiums and change terms and conditions, including increasing deductibles and offering lower coverage. Price increases for cyber coverage have accelerated over the past two years. The Council of Insurance Agents & Brokers recently reported that cyber coverage renewal rates rose an average of 18% in the first quarter of 2021. All of these costs increase the administrative burden for health insurers and increase premium rates for health insurers. health care consumers.