U.S. health insurers’ customer data at risk of cyber theft

Share
Due to sophisticated techniques used by cybercriminals, the U.S. health insurance industry is facing increasing cyber threats to their customer data

The U.S health insurance industry is facing increasing risks from cybercriminals jeopardising the security of their customer data. This is reportedly due to the sophisticated techniques used by hackers to gain access to private information, made easier by the expansion of remote healthcare delivery and digitisation of insurance transactions, billing, and clinical records. 

Processing claims and uploading patient information to IT systems means that health insurers handle vast amounts of sensitive data on a daily basis that cybercriminals look to obtain. However, this type of data is protected in the U.S. by federal laws such as the Health Insurance Portability and Accountability Act (HIPAA) 1996, while other acts of law the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and the Patient Protection and Affordable Care Act (PPACA) have contributed to the increase in digitisation of patient health records.

A target for phishing, ransomware, and “man-in-the-middle” attacks 

Due to the data health insurers store, they have become an ideal target for phishing scams, man-in-the-middle, and ransomware attacks. Hackers can gain access to health insurers’ data by inserting malware into legitimate data following an interaction, such as an email, with a customer. As more people in the health insurance industry work from home, the risk of having customer data stolen and used against insurers is rising. Complicating the problem further is the fact that personal medical tracking devices often do not contain built-in security features, allowing for relatively easy external access to patient records. 

However, the increase in the adoption of remote healthcare services brought on by the COVID-19 pandemic has meant improvements to patients’ healthcare access, which may reduce insurance costs long term. The downside to this is that the increased usage of technology has increased health insurers’ exposure to third-party vendors and software systems. 

How are health insurers protecting their customer data from cyberattacks? 

One way that health insurance companies are preventing cybercriminal activity is through investing in advanced cybersecurity products. From 2020-2025, the U.S. healthcare industry aims to spend more than US$125bn on cybersecurity services and products. Cybersecurity Ventures says that the key to reducing threats is to identify gaps in IT systems in which the risks to critical data are highest. This includes identifying areas in hardware and software on mobile devices, workstations, servers, and laptops. 

Ransomware-related insurance claims have also seen a rise, which has caused providers to change their terms and conditions and increase premiums. According to Fitch, price rises for cyber coverage “have accelerated over the past two years”, with renewal pricing for cyber coverage going up by 18% in the first quarter of 2021. 

 

 

As a result, the costs have put a significant administrative strain on health insurers, and have raised premium rates for their customers. To ensure the rates are reduced as much as possible, healthcare insurers can invest more in cybersecurity to prevent further attacks and disruption.

 

Share

Featured Articles

Pegasystems: How AI Revolutionises the Insurance Industry

Manoj Pant of Pegasystems discusses how AI and Gen AI are transforming customer service and personalisation in UK insurance sector

Zego's Business Van Insurance: Protection for Tradespeople

For today’s businesses, commercial vehicles are more than just a means of transport — they’re essential tools for getting the job done

Huntress: Data Protection & Cyber Insurance in Healthcare

The role of cyber insurance in healthcare, according to Christopher Henderson, Senior Director of Threat Ops at cybersecurity company Huntress

MoneyNext: Banking Transformation Summit

Insurtech

Streamlining Claims: How AXA UK is Leading the Charge

Insurtech

Swiss Re Expands Gen AI Partnership with mea Platform

Insurtech