Cyberattacks on organizations within the healthcare vertical have been increasing over the past decade. Medical devices are highly connected, offering physicians better oversight of patient care. The added connectivity also increases the attack surface. Compound this with many medical devices running on unsupported, outdated operating systems with known vulnerabilities, and the risk level soars.

  • Insurance coverage is dependent on controls in these areas:

      • Data Restoration

      • Multi-factor authentication

      • Training and Phishing

      • Vulnerability Management

      • Privileged User Management

  • All cybersecurity insurance claims had common factors:

      • Microsoft Active Directory –100%

      • Email compromise ->90%

  • Any file transfer system is a major risk factor:

File transfer systems should not be file stores – if there is more than 7 days of data on file transfer systems, the client cannot be categorized as best in class. MOVEit alone impacted over 340 organizations and over 18 million people.
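One way to check the 7-day criterion above on a filesystem-backed transfer root, as an added example that is not part of the original page. The function names and the per-folder grouping are assumptions made for illustration.

```python
import os
import sys
import time
from collections import defaultdict

MAX_AGE_DAYS = 7  # retention threshold quoted in the text above


def stale_files(root, max_age_days=MAX_AGE_DAYS, now=None):
    """Yield (path, age_days, size) for files not modified within max_age_days."""
    now = time.time() if now is None else now
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # do not follow symlinks out of the tree
            except OSError:
                continue  # file vanished or is unreadable mid-scan
            age_days = (now - st.st_mtime) / 86400
            if age_days > max_age_days:
                yield path, age_days, st.st_size


def summarize(root, max_age_days=MAX_AGE_DAYS, now=None):
    """Return {top-level folder: (file_count, total_bytes, oldest_age_days)}."""
    totals = defaultdict(lambda: [0, 0, 0.0])
    for path, age_days, size in stale_files(root, max_age_days, now):
        parts = os.path.relpath(path, root).split(os.sep)
        # Files directly under root are grouped under "." (assumed convention).
        entry = totals[parts[0] if len(parts) > 1 else "."]
        entry[0] += 1
        entry[1] += size
        entry[2] = max(entry[2], age_days)
    return {folder: tuple(v) for folder, v in totals.items()}


if __name__ == "__main__":
    # Path to the transfer root is supplied by the operator; defaults to ".".
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    report = summarize(root)
    for folder, (count, size, oldest) in sorted(report.items()):
        print(f"{folder}: {count} stale files, {size} bytes, oldest {oldest:.0f} days")
    if not report:
        print(f"no files older than {MAX_AGE_DAYS} days under {root}")
```

Age is measured by last-modified time, so files uploaded with preserved older timestamps are flagged as well.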

On May 31, 2023, Progress Software (formerly Ipswitch) published a notification disclosing a critical vulnerability in its MOVEit Transfer software that could result in unauthorized access and privilege escalation. The vulnerability is a SQL injection flaw that allows for escalated privileges and potential unauthorized access. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint, which could result in modification and disclosure of MOVEit database content.

The software is used by multiple organizations in the HPH sector, including hospitals, clinics, and health insurance groups. Sensitive information such as medical records, bank records, social security numbers, and addresses is at risk if this vulnerability is leveraged. The targeted organization could be subject to extortion by financially motivated threat groups.

The probability of cyber threat actors targeting the healthcare industry remains high. Prioritizing security by maintaining awareness of the threat landscape, assessing their situation, and providing staff with the tools and resources necessary to prevent a cyberattack remains the best way forward for healthcare organizations.

Please reach out to us to schedule a third-party risk assessment to analyze your security: https://www.itconinc.com/contact/