As famed bank robber (and Eastern State Penitentiary escapee) Willie Sutton is rumored to have quipped, “Because that’s where the money is.” Insurers, by the very nature of the business, collect and hold high-value consumer information, such as sensitive personal information, health information and payment card information.
“Excellus, a prominent health insurance company operating in the United States, has announced that it has fallen victim to a data breach. The cyber attack affected Excellus as well as several of its affiliates, which may have lead to the information of some 10.5 million people being compromised. According to Excellus CEO Christopher Booth, the company was targeted by a “very sophisticated” cyber attack, making Excellus one of the most recent insurers to fall victim to a major data breach.”
There is a clear need for a better understanding of cybersecurity within the insurance industry. The current lack of proper measures to prevent hackers from breaching their data is worrying. This leads to a significant exposure to several risks including infrastructure vulnerability, identity theft, and malicious codes of systemic infection.
It is important for insurance companies to invest in efficient, professional, and specialized cyber security infrastructure. The development and implementation of data security protocols is essential too. In addition, companies can’t forget to educate employees and partners on how to detect suspicious activity or malicious software.
The Insurance industry is one of the richest data-driven businesses there are. They collect their customers’ financial, medical, professional, and personal information. This is why they have the obligation to protect such data and keep it safe. Consequently, cyber-attacks to insurance companies can be devastating and put at risk millions of people’s information.
During last year, we saw some of the worst cyber-attacks in history, with the NotPetya attack costing billions of dollars. This malicious ransomware attacked hundreds of companies around the world. Such vulnerability within the insurance industry could be as destructive, or even more than NotPetya was.
Cyber-attacks to insurance companies target one specific branch of the business. According to WebMD, hackers are targeting medical data and health insurance providers are particularly at risk. From all the data breaches that took place between 2010 and 2017, 63% of them involved medical data. This represents a total of 132 million medical records hackers breached that year.
The most damaging cyber-attacks to insurance companies, however, were detected during 2015. Insurance providers such as Anthem, Premera Blue Cross, and CareFirst Blue Cross Blue Shield had almost 100 million records stolen during cyber-attacks. Not only that but in 2017 Anthem confirmed that the records of 18,500 customers had been compromised too.
Despite the amount of sensitive information insurance companies have collected for years, digitalization of the business caught insurers off guard. This creates several challenges that insurance companies are currently facing. Even when several insurers are investing more in cybersecurity, there are still weak areas within the business that hackers take advantage of.
Cyber Forza understands the importance of integration, protection, workflow, intelligence and compliance for Insurance companies. Cyber Forza suite of products goes beyond what traditional vendors have been providing to ensure the client records and reputation is protected.