For the first time in years, the amount paid out to ransomware attackers decreased dramatically between 2021 and 2022. This is promising news for industries that experienced record-high attacks during the pandemic, when an estimated 35% of the global workforce was required to adapt to working remotely (TitanFile, 2022). This change in the work environment left critical data and infrastructure more exposed to attacks.
In 2022, ransomware payouts totaled $457 million, an astounding 40% drop from the previous year (Schwartz, 2023). More interestingly, ransomware was not the most common cyberattack method detected in 2022. IBM reported that only 17% of cyberattacks in 2022 were ransomware (IBM, 2023). In comparison, the largest share of incidents, 21%, saw backdoors being deployed (IBM, 2023).
Backdoors are often considered the precursor to ransomware as they allow bad actors to infiltrate your systems remotely. Fortunately, with more backdoors being identified early on, 67% of the identified backdoor cases failed as IT security was able to disrupt the backdoor before any actual harm could occur (IBM, 2023). The sharp decline in ransomware payouts and the quick response to threats can be attributed to security practices that help prevent breaches and more support from government officials for victims of an attack.
Unfortunately, even with smaller payouts and improvements in identifying threats, the number of attacks remains consistent, and healthcare continues to bear the brunt of the cybercrime storm. Due to the sensitive data stored in patient health records, healthcare has long been a prime target for cybercriminals. Large payouts and the continued exposure have wreaked havoc on the cyber insurance market.
When cyber coverage was originally introduced, it was no more than an add-on for other policies. But since the early 2000s, technology has evolved at an unprecedented rate. Those initial premiums and limited coverage options were not robust enough to prepare for the onslaught of claims. This early underwriting miscalculation has forced insurance companies to change their policy premiums and prerequisites drastically. Beginning in 2019, some premiums experienced double-digit increases, and insurance companies began instituting new cybersecurity measures that had to be implemented to secure or maintain coverage (Reed, 2023).
The hikes in premiums have been hard on small to medium-sized practices as they have less revenue than large hospital groups. Thankfully, according to Property Casualty 360, cyber insurance costs are finally stabilizing in the first quarter of 2023 (Reed, 2023). The stricter requirements for coverage have also had the added benefit of making healthcare facilities better prepared against an attack. Security measures like multi-factor authentication, cybersecurity training, and data backup are all helping to thwart cyberattacks.
While healthcare faces its share of cyber-related tribulations, we are at least seeing progress in the fight against cybercrime and rising premiums. These are positive signs that the industry can curb cyber threats with diligence, continued training, and better infrastructure. The best action plan is to stay the course, remain vigilant for threats, and stay informed on the best cybersecurity practices.
IBM (2023). IBM Security X-Force Threat Intelligence Index 2023. Report [Website]. Retrieved from: IBM Security X-Force Threat Intelligence Index 2023 | IBM
Reed, Tina. (March 6, 2023). As Cyber Attacks on Health Care Soar, so Does the Cost of Cyber Insurance. Article [Website]. Retrieved from: As cyber attacks on health care soar, so does the cost of cyber insurance (axios.com)
Schwartz, Mathew. (February 27, 2023). Healthcare Most Hit by Ransomware Last Year, FBI Finds. Article [Website]. Retrieved from: Healthcare Most Hit by Ransomware Last Year, FBI Finds (bankinfosecurity.com)
TitanFile. (July 22, 2022). The Top 10 Cyber Security Threats of 2022. Article [Website]. Retrieved from: Top 10 Cybersecurity Threats of 2022 - TitanFile