U.S. health insurers’ customer data at risk of cyber theft
The U.S health insurance industry is facing increasing risks from cybercriminals jeopardising the security of their customer data. This is reportedly due to the sophisticated techniques used by hackers to gain access to private information, made easier by the expansion of remote healthcare delivery and digitisation of insurance transactions, billing, and clinical records.
Processing claims and uploading patient information to IT systems means that health insurers handle vast amounts of sensitive data on a daily basis that cybercriminals look to obtain. However, this type of data is protected in the U.S. by federal laws such as the Health Insurance Portability and Accountability Act (HIPAA) 1996, while other acts of law the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and the Patient Protection and Affordable Care Act (PPACA) have contributed to the increase in digitisation of patient health records.
A target for phishing, ransomware, and “man-in-the-middle” attacks
Due to the data health insurers store, they have become an ideal target for phishing scams, man-in-the-middle, and ransomware attacks. Hackers can gain access to health insurers’ data by inserting malware into legitimate data following an interaction, such as an email, with a customer. As more people in the health insurance industry work from home, the risk of having customer data stolen and used against insurers is rising. Complicating the problem further is the fact that personal medical tracking devices often do not contain built-in security features, allowing for relatively easy external access to patient records.
However, the increase in the adoption of remote healthcare services brought on by the COVID-19 pandemic has meant improvements to patients’ healthcare access, which may reduce insurance costs long term. The downside to this is that the increased usage of technology has increased health insurers’ exposure to third-party vendors and software systems.
How are health insurers protecting their customer data from cyberattacks?
One way that health insurance companies are preventing cybercriminal activity is through investing in advanced cybersecurity products. From 2020-2025, the U.S. healthcare industry aims to spend more than US$125bn on cybersecurity services and products. Cybersecurity Ventures says that the key to reducing threats is to identify gaps in IT systems in which the risks to critical data are highest. This includes identifying areas in hardware and software on mobile devices, workstations, servers, and laptops.
Ransomware-related insurance claims have also seen a rise, which has caused providers to change their terms and conditions and increase premiums. According to Fitch, price rises for cyber coverage “have accelerated over the past two years”, with renewal pricing for cyber coverage going up by 18% in the first quarter of 2021.
As a result, the costs have put a significant administrative strain on health insurers, and have raised premium rates for their customers. To ensure the rates are reduced as much as possible, healthcare insurers can invest more in cybersecurity to prevent further attacks and disruption.
CB Insights: US Insurtechs Are Competing In A Global Market
In the first half of the year, insurtech companies around the world have raised US$7.4bn, nearly doubling their funding in Q2. According to Digital Insurance, insurtechs have raised US$4.8bn in Q2—an 89% increase in funding from Q1. But US firms are no longer the sole beneficiaries.
What Are the Stats?
Out of the 15 Q2 mega-rounds—those that top US$100mn—only eight included American firms. Pretty good, you might say. That’s over half! But US companies only made up 38% of the deals, which marks a 10% drop from Q1 and a 12% drop from 2020. Technically, therefore, US insurtechs are less influential than they’ve been in the past. But who says this is a bad development?
Despite my American citizenship, I’d argue that a more globally diverse insurance market is only for the best. Many of the world’s citizens who could most benefit from improved insurance services live outside of the States—and deserve local, tech-savvy services.
Why Does This Matter?
You’re always going to see the typical insurtech contenders from Western countries. For instance:
- German-based wefox: US$650mn Series C
- UK-based Bought By Many: US$350mn Series D
- US-based Collective Health: US$280mn Series F
But it’s critical that we address risk across the world. American insurtechs might be some of the most technologically skilled firms in the industry, but it’s not their first goal to address floods in Southeast Asia, crop destruction in China, and COVID complications in South Africa. That’s why we should celebrate that the recent Q2 round included insurtechs from 35 different countries.
According to CB Insights’ Q2 2021 Quarterly InsurTech Briefing, this was the first time that they’d observed insurtech activity in Botswana, Mali, Romania, Saudi Arabia, and Turkey. And ‘from a product, service, distribution, and underlying risk perspective, we—as a society and as an industry—are moving at an unprecedented speed’, says Dr. Andrew Johnston, Global Head of Willis Re InsurTech.
Just ask CB Insights. InsurTech value propositions have resonated with the world.