By Jim Davis, WisMed Assure Vice President Medical Professional
As companies shifted to more virtual work, cybercriminals took advantage of every slight vulnerability. So, let’s review some cyber security basics, specifically focusing on why health care professionals and organizations are the most vulnerable to cyberattacks, what their greatest vulnerabilities are and what risk mitigation you must have in place to even qualify for insurance these days.
Most Common Cyberattacks
Cyberattacks impact businesses of all sizes, from global corporations to small startups. Though smaller businesses may think they are too small to be targeted, it’s quite the opposite. Cybercriminals specifically target smaller health care facilities knowing that they are unlikely to have implemented adequate endpoint security. Most successful cyberattacks occur because of human error. It only takes one exposed file or answered phishing email to cause a massive data breach. These are the most common cyberattacks:
- Ransomware – This malware denies the victim access to their data unless they pay a ransom to the attackers.
- Phishing – This attack consists of fraudulent emails, sent inconspicuously with malicious files attached, that are intended to gain access to the victim’s device.
- Password Attack – By accessing a victim’s password, cybercriminals can gain entry to critical data and computer systems.
- Denial of Service (DoS) Attack – In this attack, cybercriminals flood systems and networks with traffic to overload their bandwidth so the owners are not able to operate their systems.
- Internet of Things (IoT) Attack – Hackers can gain entry through any endpoint and then access other devices in the network.
Most Targeted Industries
Cyber perils are currently the most significant concern for all industries, but some business sectors are hit harder than others. According to Forbes, these are the rates at which cyberattacks increased from 2020 to 2021:
- Health care – 71%
- Insurance/Legal – 68%
- Internet Service Providers – 67%
- Financial/Banking – 53%
- Government – 47%
Top Five Underwriting Requirements
The basic requirements that need to be in place for an insurance carrier to underwrite cyber liability insurance for medium to large health care facilities are unchanged for 2022 and are as follows:
- MFA/Multifactor Authentication – a security process that requires two or more validation factors to verify a user’s identity, such as a six-digit code via a mobile phone in addition to a username and password.
- Cloud-based backups.
- Ability to bring systems back up within 10 days.
- Ongoing phishing training.
- Endpoint Detection & Response System (EDR) – an endpoint is any device that is physically an end point on the network, such as laptops, tablets and mobile phones. These endpoints can be entry points for a cyber breach. EDRs continuously monitor and identify threats to contain and remove them. EDRs should also be cloud-based.
For additional information regarding cyber liability insurance, contact Jim Davis at firstname.lastname@example.org or call 608.442.3728.