Ransomware attacks are changing how companies put a price on cybersecurity, and making it a Board Room issue. Think back to the data breaches at Anthem, Care First Blue Cross Blue Shield or Premera Blue Cross. Individual patient records were exposed, potentially costing each entity millions of dollars to make reparations. This includes the cost of communications, credit check services to patients, security remediation, and potential federal and state regulatory fines.
But the most recent ransomware attacks, from Hollywood Presbyterian and MedStar Health to Kansas Heart, were not designed to steal data. They were targeted at bringing these organizations to an operational standstill. They could not treat patients, perform scheduled surgeries, or even track billing. Everything that generated revenue came to a complete halt, and in some cases patients had to be redirected to other hospitals.
It is astounding that in such a short period of time ransomware has changed how healthcare companies are now looking at their operations. They also have to rethink their cyber liability insurance. In the case of data breaches, cyber liability insurance will often reduce the financial impact to no more than a rounding error for these multi billion dollar companies.
For ransomware attacks however, we are looking at the cost of an extended business interruption. This may not be fully covered in a standard Cyber Liability policy, meaning the bottom line impact is significantly more consequential. Taking out an additional Business Interruption policy may offset additional loss of income from a ransomware attack, but for a multi billion-dollar health system this is going to be expensive. Organizations must take a hard look at their Business Continuity plans. Swift business operations recovery is critical, particularly in healthcare. While a data breach will require an effective communication plan, day to day business operations are not typically disrupted. For ransomware attacks, the speed with which an organization can respond and restore services is key to containment and limiting the financial impact.
While cyberattacks are unpredictable, today they are much more of a probability.
Contact us to discuss how Ostendio’s MyVCMTM can help you develop, manage and track your Information Security, Risk Mitigation and Compliance.