Healthcare Ransomware Attacks Double, Driving Up Cyber Premiums

Feb 15, 2023

Across the board, we’ve seen a rise in cybercrime over the past few years, and the healthcare sector is being hit especially hard. HIPAA Journal reports that between 2009 and 2022, there were a combined total of 5,150 healthcare data breaches of 500 records or more.

Healthcare data breaches have continued to rise over the last decade. (Source: HIPAA Journal)

Not only is the frequency of healthcare data breaches rising, so are the resulting costs. According to IBM’s 2022 Data Breach Report, the average total cost of a healthcare data breach is $10.10M. Healthcare has now had the highest average data breach cost of any industry for 12 straight years.

Healthcare leads the way as the industry with the highest average cost for a data breach. (Source: IBM)

Rise of Ransomware Attacks in Healthcare

A data breach occurs when someone gains unauthorized access to sensitive or confidential data, like names, addresses, birthdates, social security numbers, and credit card numbers. For healthcare organizations, this might also include medical records and insurance information. 

Although there are a number of different types of data breach attacks (phishing, DDoS, malware, and keystroke recording, just to name a few), the sharp rise of ransomware attacks on healthcare organizations is particularly troubling. 

According to a recent study published in JAMA by researchers at the University of Minnesota and University of Florida, ransomware attacks on U.S. healthcare organizations more than doubled from 2016 to 2019 (from 43 to 91). In that five-year span, a total of 374 ransomware attacks exposed the personal health data of almost 42 million patients.

Ransomware Attacks Cripple Healthcare Business Operations

In a ransomware attack, a cyber criminal holds an organization’s data “hostage” by encrypting it and denying access. The criminal demands a ransom fee in exchange for releasing access back to the organization. In other types of data breach attacks (phishing or malware, for example), the goal is to steal data. But in the case of ransomware, the goal is typically to disrupt business operations so severely that the organization is compelled to pay the ransom. 

Though disruptions to business operations can cripple any business, for healthcare organizations, disruptions such as these can have life-threatening consequences. The University of Minnesota and University of Florida researchers explain: 

“News coverage of individual attacks suggests that ransomware attacks are substantially disruptive to care delivery, with reports of computers and electronic health records being disabled or encrypted, clinicians forced to document care using pen and paper, appointments and surgeries delayed or canceled, emergency departments forced to divert ambulances, and practice infrastructure so damaged that some practices have opted to close rather than try to restore systems.”

The researchers found that the facilities most commonly impacted by ransomware attacks are clinics, followed by hospitals, delivery organizations, and ambulatory surgical centers.

Lack of Reporting Masks Full Impact of Ransomware

In their report, researchers noted that the true number of healthcare ransomware attacks is actually larger than what they reported. The federal database intended to document and track these breaches is woefully lacking. Although healthcare organizations are required to report breaches, some don’t, and a staggering 58 percent report outside the mandated 60-day reporting window. 

In addition, the federal database’s reporting doesn’t collect important information necessary to fully understand the scope of ransomware damage. For instance, there’s no requirement to report the operational disruptions experienced during an attack or whether paying the ransom actually resulted in data being successfully and safely released. 

Impact of Data Breaches on Insurance Coverage

Ransomware is one of many important coverages within a Cyber Liability policy. Though specific terms can vary depending on the policy, ransomware protection can help a company recoup the financial costs associated with an attack, which can be profound. 

On average, downtime for a ransomware attack is 23 days. During that time, healthcare facilities may need to cancel appointments or send patients elsewhere, which translates to a loss of income. Those business income losses can tack on an additional 30-45 percent to the total cost of a ransomware attack.  

Even more troubling, the total cost of a ransomware event has been steadily rising. According to Lindsey Nelson, cyber development leader from CFC Underwriting, “We’re seeing it cost 10 times the amount of what a ransomware event would have cost about three years ago, so naturally the market has had to respond to that.” 

In an effort to curb their losses, carriers are raising premiums, reducing coverage limits, increasing retentions, adding coinsurance clauses, and tightening up on security control requirements.

Demonstrating Cyber Resiliency Is Key when Negotiating Terms

When reviewing cyber policy applications, cyber underwriters are paying more attention to applicants’ security controls, data management, and business resilience plans. It’s imperative that healthcare organizations not only demonstrate their ability to protect themselves against attacks, but also provide specifics on their incident response plans in order to guard against losses in the event of an attack.

Jencap’s specialized cyber brokers provide the knowledge, guidance, and market access required to secure a comprehensive insurance solution for your healthcare clients. Contact our cyber experts for more information.

The Jencap Healthcare Insurance Team


Healthcare industry risks are often complex and can have life-threatening impacts. It’s vital to partner with a wholesaler who can quickly pivot and adapt to the ever-evolving needs of your healthcare clients. Jencap’s experience, relationships and expertise within the medical professional liability class make us a premier source of coverage for a wide variety of insurance needs. Regardless of the claims history, risk exposures, or operational complexities, our specialized brokers have you and your clients covered.