The latest cyber crime report reveals increasingly damaging cyberattacks targeting the insurance industry
The insurance industry’s sheer size and scope, together with the substantial amount of sensitive data it manages and stores, make the sector a prime target for cyber crime. And with insurance companies increasingly shifting key processes to digital channels in recent years, the volume of cyberattacks against the industry has likewise risen dramatically.
In this part of our cyber crime report, Insurance Business lists the latest cyberattacks targeted at the insurance industry. We will discuss the size and magnitude of these attacks and the impact of the aftermath. This article will also explain the most common cyber threats hounding the sector and what businesses can do to protect themselves.
This piece can serve as a useful reference for both customers and insurance professionals on the different threats the industry is facing and what cybersecurity measures they can take to mitigate the impacts of such attacks.
Bitmarck cyberattack
Date of attack: April 2023
Location: Germany
A cyberattack in late April 2023 prompted Bitmarck – a major IT service provider for Germany’s statutory health insurance system – to take all its customer and internal systems offline. The move affected many of the company’s clients, notably those who rely on Bitmarck to issue their digital sickness certificates, which are used in the country to pay employees’ leave.
Bitmarck did not reveal the nature of the attack but announced that patient data was not “endangered.” The company added that it would bring systems back online in a “cautious manner” to mitigate the cyber incident’s impact and risk to clients.
The cyberattack follows another incident in January, in which personal data – including names, dates of birth, and insurance card ID numbers – belonging to more than 300,000 policyholders was stolen.
Point32Health ransomware incident
Date of attack: April 2023
Location: US
In mid-April 2023, the second-largest health insurer in Massachusetts suffered major technical outages resulting from a ransomware attack. The incident brought down the systems the company uses to service members and providers, resulting in some members having difficulty contacting their insurers.
The members affected by the cyberattack were largely those covered under Harvard Pilgrim Health Care’s commercial plans and New Hampshire Medicare plans. Members under the Tufts Health Plan were not impacted.
Point32Health, the parent company of Harvard Pilgrim Health Care and Tufts Health Plan, suffered a ransomware attack on April 17. – https://t.co/6IfIF1PqlI
— HealthITSecurity (@SecurityHIT) April 20, 2023
Insurance Information Bureau of India cyber breach
Date of attack: April 2023
Location: India
IIB is the industry’s regulatory body in the country. The organization’s latest figures show that India’s insurance sector consists of 57 insurers – 24 in the life insurance sector and 33 non-life carriers. These include major brands Aviva Life, Bajaj Allianz, Bharti AXA, Cigna TTK, Future Generali, Tata AIA Life, and TATA AIG.
Latitude Financial data breach
Date of attack: March 2023
Location: Australia and New Zealand
A record 14 million customer records were stolen in a cyberattack targeting financial services giant Latitude Financial, the company revealed in March 2023. The figure was far worse than the firm initially reported and included the following:
- About 7.9 million driver’s licence numbers, with some including the licence holder’s name, address, phone number, and date of birth
- About 103,000 copies of driver’s licences or passports
- About 53,000 passport numbers
- Less than 100 monthly account statements
- Income and expense information used to assess around 900,000 loan applications, including about 308,000 bank account numbers (excluding passwords) and 143,000 credit card or credit card account numbers (excluding three-digit CVC or expiry date), with the “overwhelming majority” either closed or expired
According to New Zealand’s Office of the Privacy Commissioner, about 13% of the 7.9 million customers whose driver’s licence numbers were compromised were from the country, which was equivalent to 20% of its total population. This makes the data breach the largest ever recorded in New Zealand in terms of the number of affected individuals.
There were also questions about why Latitude was holding on to that much data from former clients, which the company admitted dated back to 2005. The firm claims to handle only about 2.8 million customer accounts, according to its website.
Latitude first disclosed the cyberattack in mid-March, saying that the breach only affected about 100,000 identification documents and 225,000 customer records. The company offers a variety of credit options, including credit cards, personal and car loans, and insurance.
Capita cyberattack
Date of attack: March 2023
Location: UK
The fallout from a March cyberattack on UK-based IT services provider Capita has continued, with sources claiming that the incident affected as many as 350 pension funds. Personal data belonging to millions of retirement savers might have been compromised, which would make the cyberattack the largest ever in the country’s history.
The Universities Superannuation Scheme (USS), the largest private pension pot in the UK, was among those affected. It claimed that about 470,000 of its members had their personal information – including names, dates of birth, and National Insurance numbers – stolen through Capita’s software.
According to Capita, the hack started “on or around” March 22 and was intercepted on March 31. In April, Russian-speaking cyber crime group Black Basta claimed responsibility for the data breach. The gang later posted passports, addresses, and bank account details that it claimed it stole from Capita’s servers. Capita, however, did not confirm the authenticity of the documents.
Capita is also one of the largest IT services providers of the National Health Service (NHS) – the UK’s public healthcare system.
Capita has published an update on its cyber attack. Data was taken from less than 0.1% of its servers. The hack will cost the business up to £20m pic.twitter.com/f1DwAdjWEK
— Katie Prescott (@kprescott) May 10, 2023
NationsBenefits data breach
Date of attack: January 2023
Location: US
In April 2023, Florida-based healthcare benefits provider NationsBenefits disclosed that thousands of its members had their personal information compromised in a late-January ransomware attack targeting Fortra’s GoAnywhere platform, a file-transfer software that the firm was using.
According to news reports, ransomware gang Clop claimed responsibility for the attack, saying it took advantage of a previously unknown vulnerability to raid a number of GoAnywhere customers. The group added that it stole sensitive data from over 100 organizations.
In a notification to affected clients, NationsBenefits said that the data breach involved key personal information, including:
- Full name
- Gender
- Health plan identification number
- Address
- Phone number
- Date of birth
NationsBenefits provides health insurance policyholders a range of supplemental benefits, including vision and hearing care, and over-the-counter medication. The firm has more than 20 million members across the US. It is a third-party vendor for health insurance giant Aetna, although it was unclear if Aetna members were affected by the attack.
The sheer volume of personal and financial data that insurance companies possess makes them an attractive target for cyber crime groups. This was what the International Association of Insurance Supervisors (IAIS) revealed in its cyber risk paper.
According to the group, the type of data – which includes personally identifiable information (PII) – that insurers collect, process, and store in substantial amounts makes these companies especially vulnerable to cyberattacks. Cybercriminals are also salivating over the fact that insurance companies have rich connections with various financial institutions through investments, debt issuance, and capital raising.
A separate cyber crime report by the cybersecurity specialist Black Kite also indicated how insurance companies “can’t afford down time.” Because of this, hackers believe that insurers are more likely to pay ransom. The report added, however, that not all cyberattacks are targeted. There are cases when cybercriminals simply launch malware, hoping to pounce on unwitting victims.
In its latest cyber threat landscape report, the cyber intelligence platform IntSights identified the top five threats facing the insurance industry. These are:
- Ransomware attacks: Insurance companies providing cyber coverage, particularly for ransomware attacks, may see their policyholders being increasingly targeted as cyber crime groups believe that businesses are more likely to pay ransom if their policies cover it. In terms of threat disclosure, ransomware attacks have evolved from merely encrypting data to threatening to dump compromised data on the dark web for other cybercriminals to access.
- Compromise and sale of policyholder data: Insurers possess a large amount of personal data that cyber crime groups can use to commit fraud and other malicious activities. This makes insurance companies an attractive target for cyberattacks.
- State-sponsored attacks: State-sponsored threat actors can use PII they stole to support their country’s intelligence operations and other investigative activities. The cyber crime report has found that some foreign intelligence agencies collect these types of data and inject it into searchable databases so they can perform targeted queries.
- COVID-19-related exploits: The pandemic has opened many opportunities for hackers to target healthcare organizations, one of the most vulnerable sectors. Cybercriminals may be able to exploit COVID-19 information to commit insurance fraud and identity theft.
- Hacktivists: Ideologically motivated cybercriminals can target insurance companies to support their political or economic goals. Financial institutions and government agencies, which may be among their policyholders, are also susceptible to hacktivist attacks.
Cyber insurance has become a popular risk management tool among businesses, especially with digital transformation giving rise to constantly evolving cyber threats. And as the frequency and severity of cyberattacks intensify, cyber insurers play a key role in keeping businesses protected.
Data breaches cost companies across the world a combined $4.35 million, according to IBM’s latest report. The figure is a 2.6% increase from the previous year. In the US, however, the cost is more than twice the global average at $9.44 million. This is the twelfth consecutive year that the country has incurred the highest cost in the annual report. In terms of industry, the healthcare sector is hit the hardest, incurring a combined global average of $10.1 million.
Given the current threat environment, it’s only a matter of time before your business falls victim to a major cyberattack. The situation stresses the need for your organization to know what steps to take when cybercriminals strike, as your survival depends on how effective your cyber response strategies are.
How does cyber insurance work?
Cyber insurance is a type of policy designed to cover financial losses incurred as a result of a cyberattack. It offers two types of protection:
- First-party coverage: Covers the financial losses a business incurs because of a cyber incident.
- Third-party coverage: Pays out for legal costs if a third party sues for damages resulting from a cyberattack, as well as regulatory fines.
What factors impact the cost of cyber insurance?
Businesses should be aware of the several factors influencing the cost of coverage before purchasing cyber insurance. These include:
- The number of employees
- The industry the business is in
- Company revenue
- Level of coverage
- Cybersecurity measures in place
Which industries are most vulnerable to cyberattacks?
Businesses in all industries are at risk of being targeted by cyber criminals, but some sectors are more vulnerable than others. Here are the industries that cyber crime reports identify as most vulnerable because of the type and volume of data they collect and manage.
- Healthcare
- Financial services, including insurance
- Retail
- Education
- Energy and utilities
- Government
Is it worth taking out cyber insurance?
Cybersecurity experts warn that cybercriminals often don’t discriminate based on a business’ size. And with digital transformation happening at such a rapid pace, new and potentially more damaging cyber risks are more likely to emerge. This highlights the importance of having the right kind of protection, more so for companies that handle sensitive data.
But these experts also remind businesses that it isn’t advisable to rely solely on cyber insurance to bail them out when cybercriminals strike. To remain insurable, your business needs to do its part and take strong measures to protect against cyber threats.