Cyber Risk Management in Healthcare Organizations

This technical report outlines the significant cyber risks faced by healthcare organizations, emphasizing the importance of understanding these risks to enhance resilience and maximize insurance indemnification. It details various exposures, including IT supply chain dependencies, ransomware attacks, website tracking litigation, and evolving security regulations. The report highlights a notable ransomware attack in February 2024 that affected 190 million individuals, showcasing the extensive impact on the healthcare sector. It explains the legal landscape surrounding website tracking, noting the potential statutory penalties under existing laws. Additionally, the report discusses recent ransomware trends, with a focus on the financial implications of downtime and ransom demands. New security regulations proposed by HHS are also examined, along with the necessity for healthcare organizations to adapt their cyber insurance policies to address these evolving risks. The report concludes with recommendations for insurance buyers to ensure adequate coverage and to work with knowledgeable brokers to navigate the complexities of cyber insurance.