Skip to main content

As the situation in Ukraine evolves, businesses should be mindful of potential risks to their people, assets, operations, or supply chains in the region and globally. Marsh, as part of the Marsh McLennan family of companies, has created a page with information, tools, and resources related to the Russia-Ukraine conflict. Please visit the page for the latest information.

October 20, 2023

Strengthening your health care organization's cybersecurity

Sara Bennett

In today's digital world, health care faces growing challenges in protecting sensitive patient data from cyber threats. As technology continues to advance, so do the risks associated with it. Reflecting on cyberattacks in the health care sector, health care organizations in the United States experienced an alarming average of 1,410 weekly cyberattacks per organization in 2022. This figure represents a staggering 86% increase compared to the previous year.

Beyond that, cyberattacks can be shockingly costly. According to the 2022 Cost of a Data Breach Report by the Ponemon Institute, the typical expense associated with a single data breach in the health care sector was $10.10 million.

One might wonder why hackers seem particularly drawn to targeting hospitals. The answer lies in their perception that these institutions often lack robust cybersecurity resources. Smaller hospitals are in a precarious position due to limited funding and understaffing, making them highly susceptible to sophisticated cyberattacks.

Here, we will explore critical insights into cybersecurity in health care, focusing on market trends, common threats, and practical solutions to help health care organizations safeguard their data.

Increasing market capacity and stabilizing rates

The capacity to obtain cybersecurity insurance is rising, and the pricing rates are becoming more stable. This is excellent news for organizations that have strong security controls in place. With this stability, many health care organizations opt to increase their insurance limits or reduce their self-insured retention.

This means that organizations can leverage their insurance coverage more effectively. This can result in broader coverage and reduced pricing when it's time to renew their policies.

The threat of ransomware

Ransomware is the number one cyber threat, and it continues to trouble health care organizations. So much so that according to a survey conducted by Arcserve, 45% of health care respondents experienced a cyberattack in the past 12 months. Typically, cybercriminals gain initial access to data through phishing attacks. Phishing attacks involve baiting someone into clicking on a harmful link. Health care needs a strong defense against this as it’s the predominant cause of cyberattacks. In fact, according to the Verizon 2023 Data Breach Investigations Report, 74% of incidents involved human error.

The problem is urgent as well. The marketplace is seeing more frequent and severe cyberattacks. To protect against this, organizations need to have strong security controls in place and a plan ready should a breach occur. We’ve even put together a list of top security controls to help you get started.

Privacy concerns on the rise

Privacy violations are a hot topic in the insurance world, especially laws such as the Biometric Information Privacy Act and Video Privacy Protection Act. There's also a growing concern about website tracking, including pixel tracking (i.e., using pixel-sized images to track user data on a webpage).

The concern is certainly warranted. Based on Marsh data, claims related to privacy violations have almost doubled in just one quarter and many lawsuits have been filed. Insurance companies are even considering excluding coverage for these issues in the future.

Regarding website tracking, organizations must weigh the benefits against the potential costs. The goal of this is to better understand how users behave. However, the Federal Trade Commission is concerned with the unavoidable and vague collection of sensitive data that bad actors can potentially access.

How Marsh McLennan Agency can help

Our Cyber Risk Practice helps you be more informed to prevent and prepare for security and privacy events. We have access to numerous proprietary cybersecurity assessments and analytics that can be customized to your unique environment and industry. This allows you to better identify and quantify risks. In addition, this process enables you to enter the cyber insurance market for a more informed, streamlined underwriting process. This affords you the ability to optimize insurance coverage breadth and rates.  

Our cyber coverage specialists also ensure you have the proper coverage. They compare your cybersecurity programs with others in the same industry to determine the right insurance limits and retentions.

Think of us as your cybersecurity coach, making sure you have the optimal protection in the game.

Ultimately, the health care sector faces growing cyber threats, but there are ways to protect against them. With the right cybersecurity practices and insurance solutions, organizations can navigate the ever-changing landscape of cyber threats and ensure the safety of their patients' data. Marsh McLennan Agency's services are a valuable resource in this mission to keep health care data secure and patients' trust intact.

Download our Business Insurance Trends report and reach out to a cyber colleague today to learn how we can help your organization strengthen its cybersecurity posture.

Download report here.