Over the past decade, the healthcare sector has emerged as a significant and growing target for cyber attacks. Cyber attacks on medical-related institutions and organisations have become almost commonplace — in Australia, 41% of healthcare organisations sustained a cyber attack in 2023 and 102 data breaches were reported by the healthcare sector between January and June 2024 alone [1].

In July 2024, prescription delivery service MediSecure confirmed hackers had stolen the data of 12.9 million Australians in one of the largest breaches in the country's history [2]. In October 2024, the Lockbit ransomware gang claimed to have stolen 65 gigabytes of data from West Australian aged-care provider TPG Aged Care [3].

As cybercriminals shift to extensive extortion tactics, there has been a surge in ransomware attacks that also compromise backups. Data breaches are both disruptive and costly for healthcare providers. Medibank has estimated the cost of cleaning up and remediating its systems after its 2022 cyber attack at over $126 million [4].

Why the healthcare sector is vulnerable to cyber attacks

The sensitive information healthcare organisations store has high extortion value. Healthcare is therefore not only an essential service but also an attractive cyber target, and it is vulnerable because of relatively lower investment in security measures compared with, for example, the finance sector, and because of potential technical weaknesses in legacy systems and supply chains.

Cyber attacks targeting these systems and the associated data can disrupt normal operations, leading to loss of function for essential computers, MRI scanners, refrigerators for blood and plasma, CT machines, intravenous pumps and other operating-theatre equipment.

Many healthcare cyber attacks have shown how dependent healthcare companies are on their third-party suppliers as digital systems are outsourced and moved to the cloud. A major outage can impact IT systems globally, affecting hospitals and other healthcare providers.

Rise of politically motivated cyber attacks: insurance perspective

The targeting of hospital and healthcare systems is a means for state and state-sponsored actors to inflict harm via a general breakdown in the delivery of healthcare services, without engaging in open hostilities.

Apart from patient and personnel information, healthcare facilities rely heavily on digital systems for workforce planning, appointment scheduling, end-to-end patient care, recordkeeping and medical equipment management. A worst-case risk scenario would result in significant systemic healthcare service disruption, with widespread data loss and immediate impacts on direct clinical care.

While the sector is improving its investment in and approach to cyber security, the threat of politically motivated attacks targeting healthcare and other critical entities remains high.

Building proactive healthcare cyber defence

The growth of disruptive healthcare cyber attacks highlights the essential need for all organisations to review legacy systems and adopt robust security controls, including:

  • entity-wide multi-factor authentication (MFA), accompanied by training to ensure it is neither avoided nor disabled
  • privileged access management tools
  • the implementation of endpoint detection and response (EDR) tools across 100% of the IT ecosystem to monitor and defend against anything out of the ordinary
  • regular, comprehensive, air-gapped backups and excellent backup hygiene
  • a continuous cyber education program teaching and reinforcing best practices across the organisation through activities such as simulated phishing attacks.

The role of insurance in cyber protection for the healthcare sector

Inevitably, the changing threat landscape is reflected in cyber insurance coverage wordings and exclusions.

With attackers shifting their focus to vulnerabilities across an organisation's complex supply chain, a robust security posture is no longer enough.

In the event of a cyber attack, a robust cyber insurance policy provides access to experts not only in negotiation but also in forensic investigation and remediation measures, as well as cover for the legal and reputational costs involved.

How Gallagher can help

Brokers remain a critical source of guidance on coverage. In addition to cyber insurance protection, Gallagher offers expertise, advice and resources for building business resilience to withstand cyber security incidents.

Disclaimer

Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient's industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers control.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312