The health insurance industry in the US is now facing an increased risk of cyber threat attacks due to the rise of sophisticated exploitative techniques being used and developed by cybercriminals and fraudsters. This is due to the expansion of industries towards online digitization in conducting transactions, billing, and client records.
Health insurers or related third parties still fail to conduct inventory and develop a security strategy to protect sensitive client data from cyber threats. This increases financial, operational, regulatory, and reputational risks from cyber-attacks.
Health insurance companies handle a vast amount of sensitive information to process benefit claims or patient data uploads.
These sensitive private data are protected by the laws such as HIPPA (Health Insurance Portability and Accountability Act of 1996), HITECH (Health Information Technology for Economic and Clinical Health Act of 2009), and Patient Protection and Affordable Care Act (PPACA) that promoted the increase of digitized health records.
Many health insurers are susceptible to attacks. The sensitive data obtained from insurers make them a sought-after target for ransomware, malware, MITM (man-in-the-middle), and phishing. There is a chance where malware is embedded within legitimate data that can infiltrate clients or even a third party through each transaction. Healthcare provider networks are also susceptible to data breaches while cyber risks rise as more staff and employees work remotely.
In addition to these risks, most personal medical tracking devices and monitors often do not have security features on internet access, enabling outside access to patient records.
The increase of reliance on technologies heightened the exposure to third-party apps and systems. Third-party vendor systems are penetrable, as seen in notable breaches in recent years.
The Council of Insurance Agents and Brokers stated that the cost of the renewal of cyber coverage has accelerated in the past two years. There is also a significant rise in insurance claims related to ransomware attacks, leading to increased administrative costs, which burden health insurers. This prompted carriers to raise premium prices and change their terms and conditions, including lower coverage provisions and rising deductibles.