With $2 billion in premiums written in cyber insurance in 2014, up from $1 billion in 2013 and CAGRs projected to be 50-100 percent in coming years, healthcare topped the list followed in order by education, hospitality and gaming. Peter Beshar, general counsel for Marsh & McLennan, a leading risk analysis company, presented these facts before the U.S. Senate Committee on Homeland Security & Governmental Affairs on January 28, 2015. Most of the premiums in healthcare were paid by healthcare insurers who are seeking protection that include costs associated with a data breach, business interruptions and third-party costs.
On the provider side, cyber criminals are targeting the healthcare industry because medical identity theft can be up to five hundred times more lucrative than the theft of a credit card number. Some startling facts:
- Criminal cyber attacks on healthcare systems have risen a startling 100 percent, since 2010.
- As of July, 2014, an estimated 1.5 million Americans have been affected by medical identify theft, averaging $20,663 per victim, $1.4 Billion to notify 6.9 million who have been effected.
- 28% of malicious cyber attacks have targeted provider organizations, health plans, drug makers and other entities - of these, 72% have targeted hospitals, clinics, large group practices and individual providers.
Most notable among these attacks was the theft of 4.5 million health records at Community Health Systems ‒ the second largest hospital chain in the country and the cyber attack on Boston Children’s Hospital.
As healthcare becomes increasingly digitized and more devices become network attached, attachable or aware, leaders are accepting the fact that the risk of being hacked is unavoidable and that insurance is not the only thing they need.