The insurance industry cyber crime report: recent attacks on insurance businesses

The insurance industry cyber crime report: recent attacks on insurance businesses

The insurance industry cyber crime report: recent attacks on insurance businesses | Insurance Business America

Guides

The insurance industry cyber crime report: recent attacks on insurance businesses

The latest cyber crime report reveals increasingly damaging cyberattacks targeting the insurance industry

The insurance industry’s sheer size and scope, along with the substantial amount of sensitive data it manages and stores, make the sector a prime target for cyber crime. And with insurance companies increasingly shifting key processes to digital channels in recent years, the volume of cyberattacks against the industry has likewise risen dramatically.  

In this part of our cyber crime report, Insurance Business lists down the most recent cyberattacks targeted at the insurance industry. We will discuss the scale and magnitude of these attacks and the impact of the aftermath. This article will also explain the most common cyber threats hounding the sector and what businesses can do to protect themselves.  

This piece can serve as a useful reference for both customers and insurance professionals on the different threats the industry is facing and what cybersecurity measures they can take to mitigate the impacts of such attacks.      

Bitmarck cyberattack 

Date of attack: April 2023 

Location: Germany 

A cyberattack in late April 2023 prompted Bitmarck – a major IT service provider for Germany’s statutory health insurance system – to take all its customer and internal systems offline. The move affected many of the company’s clients, particularly those who rely on Bitmarck to issue their electronic sickness certificates, which are used in the country to pay employees’ leaves. 

Bitmarck did not reveal the nature of the attack but announced that patient data was not “endangered.” The company added that it would bring back systems online in a “cautious manner” to mitigate the cyber incident’s impact and risk to clients. 

The cyberattack follows another incident in January, in which personal data – including names, dates of birth, and insurance card ID numbers – belonging to more than 300,000 policyholders were stolen.  

Point32Health ransomware incident 

Date of attack: April 2023 

Location: US 

In mid-April 2023, the second-largest health insurer in Massachusetts suffered major technical outages resulting from a ransomware attack. The incident brought down the company’s systems that it uses to service members and providers, resulting in some members having difficulty contacting their insurers.  

The members who were affected by the cyberattack were mostly those covered under the Harvard Pilgrim Health Care’s commercial plans and New Hampshire Medicare plans. Members under the Tufts Health Plan were not impacted. 

Point32Health, the parent company of Harvard Pilgrim Health Care and Tufts Health Plan, suffered a ransomware attack on April 17. – https://t.co/6IfIF1PqlI


— HealthITSecurity (@SecurityHIT) April 20, 2023

Insurance Information Bureau of India cyber breach 

Date of attack: April 2023 

Location: India 

IIB is the industry’s regulatory body in the country. The organization’s latest figures show that India’s insurance sector includes 57 insurers – 24 in the life insurance sector and 33 non-life carriers. These include major brands Aviva Life, Bajaj Allianz, Bharti AXA, Cigna TTK, Future Generali, Tata AIA Life, and TATA AIG.   

Latitude Financial data breach 

Date of attack: March 2023 

Location: Australia and New Zealand 

A record 14 million customer records were stolen in a cyberattack targeting financial services giant Latitude Financial, the company revealed in March 2023. The figure was far worse than the firm initially reported and included the following:  

See also  Steadfast’s 1H24: “Sustained” organic growth and acquisitions


About 7.9 million driver’s licence numbers, with some including the licence holder’s name, address, phone number, and date of birth 
About 103,000 copies of driver’s licences or passports 
About 53,000 passport numbers 
Less than 100 monthly account statements 
Income and expense information used to assess around 900,000 loan applications, including about 308,000 bank account numbers (excluding passwords) and 143,000 credit card or credit card account numbers (excluding three-digit CVC or expiry date), with the “overwhelming majority” either closed or expired 

According to New Zealand’s Office of the Privacy Commissioner, about 13% of the 7.9 million customers whose driver’s licence numbers were compromised were from the country, which was equivalent to 20% of its entire population. This makes the data breach the largest ever recorded in New Zealand when it comes to the number of affected individuals.  

There were also questions on why Latitude was holding on to that much data from former clients, which the company admitted dated back to 2005. The firm claims to handle only about 2.8 million customer accounts, according to its website. 

Latitude first disclosed the cyberattack mid-March, saying that the breach only affected about 100,000 identification documents and 225,000 customer records. The company offers a variety of credit options, including credit cards, personal and car loans, and insurance.  

Capita cyberattack 

Date of attack: March 2023 

Location: UK 

The fallout from a March cyberattack on UK-based IT services provider Capita has continued, with sources claiming that the incident affected up to 350 pension funds. Personal data belonging to millions of retirement savers might have been compromised, which would make the cyberattack the largest-ever in the country’s history. 

The Universities Superannuation Scheme (USS), the largest private pension pot in the UK, were among those affected. It claimed that about 470,000 of its members had their personal information – including names, dates of birth, and National Insurance numbers – stolen through Capita’s software. 

According to Capita, the hack started “on or around” March 22 and was intercepted in March 31. In April, Russian-speaking cyber crime group Black Basta claimed responsibility for the data breach. The gang later posted passports, addresses, and bank account details that it claimed it stole from Capita’s servers. Capita, however, did not confirm the authenticity of the documents.  

Capita is also one of the largest IT services providers of the National Health Service (NHS) – the UK’s public healthcare system. 

Capita has published an update on its cyber attack. Data was taken from less than 0.1% of its servers.The hack will cost the business up to £20m pic.twitter.com/f1DwAdjWEK


— Katie Prescott (@kprescott) May 10, 2023

NationsBenefits data breach 

Date of attack: January 2023 

Location: US 

In April 2023, Florida-based healthcare benefits provider NationsBenefits disclosed that thousands of its members had their personal information compromised in a late-January ransomware attack targeting Fortra’s GoAnywhere platform, a file-transfer software that the firm was using.  

According to news reports, ransomware gang Clop claimed responsibility for the attack, saying it took advantage of a previously unknown vulnerability to raid several GoAnywhere customers. The group added that it stole sensitive data from over a hundred organizations.   

See also  Ping An boss sees big gains in senior care financial planning

In a notification to affected clients, NationsBenefits said that the data breach involved key personal data, including: 


Full name 
Gender 
Health plan identification number 
Address 
Phone number  
Date of birth  

NationsBenefits provides health insurance policyholders a range of supplemental benefits, including vision and hearing care, and over-the-counter medication. The firm has more than 20 million members across the US. It is a third-party vendor for health insurance giant Aetna, although it was unclear if Aetna members were affected by the attack.   

The sheer volume of personal and financial data that insurance companies possess makes them an attractive target for cyber crime groups. This was what the International Association of Insurance Supervisors (IAIS) revealed in their cyber risk paper.  

According to the group, the type of data – which includes personal identifiable information (PII) – that insurers collect, process, and store in substantial amounts, makes these companies especially vulnerable to cyberattacks. Cybercriminals are also salivating over the fact that insurance companies also have rich connections with various financial institutions through investments, debt issuance, and capital raising.  

A separate cyber crime report by the cybersecurity specialist Black Kite also indicated how insurance companies “can’t afford down time.” Because of this, hackers believe that insurers are more likely to pay ransom. The report added, however, that not all cyberattacks are targeted. There are times when cybercriminals just release malware, hoping to pounce on unwitting victims.  

In its latest cyber threat landscape report, the cyber intelligence platform IntSights identified the top five threats facing the insurance industry. These are:   


Ransomware attacks: Insurance companies providing cyber coverage, particularly for ransomware attacks, may see their policyholders being increasingly targeted as cyber crime groups believe that businesses are more likely to pay for ransom if their policies cover for it. In terms of threat disclosure, ransomware attacks have evolved from merely encrypting files to threatening to dump compromised data on the dark web for other cybercriminals to access. 
Compromise and sale of policyholder data: Insurers possess a large amount of personal data that cyber crime groups can use to commit fraud and other malicious activities. This makes insurance companies an attractive target for cyberattacks.  
State-sponsored attacks: State-sponsored threat actors can use PII they stole to support their nation’s intelligence operations and other investigative activities. The cyber crime report has found that some foreign intelligence services collect these types of data and inject it into searchable databases so they can perform targeted queries.  
COVID-19-related exploits: The pandemic has opened many opportunities for hackers to target healthcare organizations, one of the most vulnerable sectors. Cybercriminals may be able to exploit COVID-19 records to commit insurance fraud and identity theft. 
Hacktivists: Ideologically motivated cybercriminals can target insurance companies to support their political or economic goals. Financial institutions and government agencies, which may be among their policyholders, are also susceptible to hacktivist attacks. 

Cyber insurance has become a popular risk management tool among businesses, especially with digital transformation giving rise to constantly evolving cyber threats. And as the frequency and severity of cyberattacks intensify, cyber insurers play a key role in keeping businesses protected. Find out which carriers made it to our latest rankings of the top cyber insurance companies in the US by clicking the link.     

See also  Ryan Specialty to acquire California-based wholesale broker

Data breaches cost companies across the world a combined $4.35 million, according to IBM’s latest report. The figure is a 2.6% increase from the previous year. In the US, however, the cost is more than twice the global average at $9.44 million. This is the 12th consecutive year that the country has incurred the highest cost in the annual report. In terms of industry, the healthcare sector is hit the hardest, incurring a combined global average of $10.1 million. 

Given the current threat environment, it is only a matter of time before your business falls victim to a major cyberattack. The situation stresses the need for your organization to know what steps to take when cybercriminals strike as your survival depends on how effective your cyber response strategies are.  

How does cyber insurance work? 

Cyber insurance is a type of policy designed to cover financial losses incurred due to a cyberattack. It offers two types of protection: 


First-party coverage: Covers the financial losses a business incurs because of a cyber incident. 
Third-party coverage: Pays out for legal costs if a third-party sues for damages resulting from a cyberattack, as well as regulatory fines. 

What factors impact the cost cyber insurance? 

Businesses should be mindful of the several factors influencing the cost of coverage before purchasing cyber insurance. These include:  


The number of employees  
The industry the business is in  
Company revenue  
Level of coverage  
Cybersecurity measures in place 

Which industries are most vulnerable to cyberattacks? 

Businesses in all industries are at risk of being targeted by cyber criminals, but some sectors are more vulnerable than others. Here are the industries that cyber crime reports identify are most vulnerable because of the type and amount of data they collect and manage. 


Healthcare 
Financial services, including insurance 
Retail  
Education 
Energy and utilities 
Government  

Is it worth taking out cyber insurance? 

Cybersecurity experts warn that cybercriminals often do not discriminate based on a business’ size. And with digital transformation happening at such a rapid rate, new and potentially more damaging cyber risks are more likely to emerge. This highlights the importance of having the right form of protection, more so for companies that handle sensitive data.  

But these experts also remind businesses that it is not advisable to rely solely on cyber insurance to bail them out when cybercriminals strike. To remain insurable, your business needs to do its part and take robust measures to protect against cyber threats. 

What do you think of the recent spate of cyberattacks targeting the insurance industry? Does our cyber crime report reflect the insurance sector’s threat landscape? Feel free to share your thoughts below.

Keep up with the latest news and events

Join our mailing list, it’s free!