Huntress: Cyber Insurance, Risks and Pressures in Healthcare

Share
Cyber insurance company Huntress, sheds light on cyber protection in the healthcare industry
Christopher Henderson, Senior Director of Threat Ops at cybersecurity company Huntress, explains how the Healthcare sector tackles rising cyber threats

The healthcare industry faces mounting cybersecurity challenges, with approximately 133 million data breaches reported in 2023 alone.

This surge in attacks has prompted cyber insurers to reassess their risk models and underwriting processes, leading to stricter requirements for healthcare organisations seeking coverage.

Christopher Henderson, Senior Director of Threat Ops at Huntress, a cybersecurity firm that supports internal and external IT teams, explains the unique nature of cyber insurance: "Fires aren't actively trying to find better ways to burn your house down.

“In cyber insurance, you're working against an adversary capable of developing and pivoting faster than a policy might expire."

Evolving insurance requirements

Cyber insurers are increasingly relying on threat intelligence from past breaches, incident response firms and both open-source and closed-source intelligence to update their risk models and identify effective controls.

Christopher notes: "Cyber insurers are looking to ensure that your IT help desk has written procedures and policies to dictate that the person calling to reset a password, set up multi-factor authentication and so on, is who they say they are."

These new requirements reflect the growing trend of breaches initiated through social engineering attacks on IT teams to gain administrative credentials.

Yet as threats evolve, Christopher anticipates even stricter insurance requirements: "We may start to see insurers eventually requiring third-party audits before securing a policy.

Christopher Henderson, Senior Director of Threat Ops at Huntress

“I could also see cyber insurance underwriting moving to a maximum 6-month or even quarterly policy, in order to keep up with the pace of risk modelling and the speed of threat evolution."

Regulatory pressures and consolidation risks

The consolidation of healthcare providers is leading to a concentration of risk, prompting increased regulatory scrutiny.

Christopher explains: "As healthcare consolidates, risk consolidates, regulatory pressure is going to build around acquisition speed and the diligence of post-acquisition governance and security."

Healthcare organisations face unique challenges in implementing cybersecurity measures. "We need to realise that doctors and nurses are running around literally saving lives," Christopher emphasises.

"This really isn't a population that has the luxury of taking time to pay more attention to cybersecurity."

To address these challenges, healthcare providers will need to invest in robust platforms and personnel to strengthen their defences.

Rising costs and premium increases

The healthcare sector can expect cyber insurance premiums to continue rising due to the escalating threat landscape.

Youtube Placeholder

Christopher says: "We're playing catch up at all times and risk profiles, models and more are almost never in balance with the reality of the threat landscape.
“In those millions of healthcare data breaches last year, the cost clocked in at an average of around US$10.9m."

Cyber attacks are increasingly sophisticated, utilising techniques such as phishing and leveraging legitimate tools like remote monitoring and management software.

While cyber insurance cannot prevent attacks, it can provide crucial support in the aftermath.

Christopher explains: "Cyber insurance won't negate the damages done when an attack occurs, but it can supply things like an incident response provider, legal counsel or even ransomware negotiation."

For healthcare organisations seeking cyber insurance, the risk assessment portion of the underwriting process is just the beginning.

Christopher advises: "Healthcare organisations should look at cyber insurance as absolutely necessary - but do what they can to get ahead of the process through looking critically at the cost to implement controls, their risk level, compliance factors and of course, how consolidation is affecting their security."

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

Palo Alto Networks, Deloitte and The Push to Platformization

By expanding their partnership to EMEA, Palo Alto Networks is bringing to Deloitte the platformization needed in the modern cybersphere

Insurers Now Spotlighting Identity and Privilege Compromises

Delinea's latest survey reveals a sharp rise in cybersecurity insurance claims, pushing for advanced identity protection measures. Dive into how AI and met

Trend Micro Address AI Threat to Mobile Users with New App

Trend Micro Check is an all-in-one solution that recognises the threats that deepfakes are now posing to mobile users in elaborate scams

Solarwinds CISO Wants Global Cyber Laws After Winning Case

Cyber Security

Resurgence of Spam: Cisco Talos Sound Alarm on New Tactics

Hacking & Malware

Cloudhouse Head Talks Laws Incoming After Crowdstrike Outage

Operational Security