Category Archives: Technology

Technology

Data Visualization:
An Important Tool
for Insurance,
Risk Management

Leave a comment

By Max Dorfman, Research Writer, Triple-I

Data visualization has become an increasingly important tool for understanding and communicating complex risks and informing plans to address them.

Simply put, data visualization is the depiction of data through static or interactive charts, maps, infographics, and animations. Such displays help clarify multifaceted data relationships and convey data-driven insights.

The origins of data visualization could be considered to go back to the 16th century, during the evolution of cartography. However, modern data visualization is considered to have emerged in the 1960s, when researcher John W. Tukey published his paper The Future of Data Analysis, which advocated for the acknowledgement of data analysis as a branch of statistics separate from mathematical statistics. Tukey helped invent graphic displays, including stem-leaf plots, boxplots, hanging rootograms, and two-way table displays, several of have become part of the statistical vocabulary and software implementation.

Since Tukey’s advancements, data visualization has progressed in extraordinary ways. Matrices, histograms, and scatter plots (both 2D and 3D) can illustrate complex relationships among different pieces of data. And, in an age of big data, machine learning, and artificial intelligence, the possible applications of data science and data analytics has only expanded, helping curate information into easier to understand formats, giving insight into trends and outliers. Indeed, a good visualization possesses a narrative, eliminating the extraneous aspects of the data and emphasizing the valuable information. 

Whether for tracking long-term rainfall trends, monitoring active wildfires, or getting out in front of cyber threats, data visualization has proved itself tremendously beneficial for understanding and managing risk.

The Triple-I uses data visualization in its Resilience Accelerator to better illustrate the risks many communities face with natural disasters, particularly hurricanes, floods, and resilience ratings. Spearheaded by Dr. Michel Leonard, Chief Economist and Data Scientist, Head of the Economics and Analytics Department at the Triple-I, these data visualizations provide an ever-needed way to more effectively communicate these hazards, expanding the knowledge base of insurers, consumers, and policymakers.

To further understand data visualization, we sat down with Dr. Leonard.

Why is data visualization so essential in preparing for and responding to catastrophes? What immediately comes to mind is maps. We can make spreadsheets of policies and claims, but how do you express the relationships between each row in these spreadsheets? We can use data visualization to show how houses closest to a river are most at risk during a flood or show the likely paths of wildfires through a landscape. Before a catastrophe, these tools help us identify at-risk zones to bolster resilience. After a catastrophe, they help us identify areas that need the most to rebuild.

How can data visualization help change the way insurers confront the challenges of catastrophes? The most crucial aspect of data visualization for insurers is the potential to explore “what-if” scenarios with interactive tools. Understanding risk means understanding what range of outcomes are possible and what it most likely to happen. Once we start accounting for joint outcomes and conditional probabilities, spreadsheets turn into mazes. Thus, it’s important to illustrate the relationship between inputs and outputs in a way that is reasonably easy to understand.

With the increasing threat of climate risk, how much more significant do you anticipate data visualization will become? I’m reminded of the writings from the philosopher Timothy Morton, who described climate change as a “hyper-object”: a multifaceted network of interacting forces so complex, and with so many manifestations that it is almost impossible to fully conceptualize it in your head at once.

Climate change is complicated and communicating about the risks it creates is a unique problem. Very few people have time to read through a long technical report on climate risk and how it might affect them. Thus, the question becomes: How do we communicate to people the information they need in a way that is not only easy to understand but also engaging?

Images or infographics have always been compelling tools; however, we prefer interactive data visualization tools for their ability to capture attention and curiosity and make an impression.

How does the Resilience Accelerator fit into the sphere of data visualization? With the Resilience Accelerator, we wanted to explore the interplay between insurance, economics and climate risk, and present our findings in an engaging, insightful way. It was our goal from the beginning to produce a tool that would help policymakers, insurers, and community members could find their counties, see their ratings, compare their ratings with those of neighboring counties, and see what steps they should take to improve their ratings.

What motivated this venture into data visualization – and how can it help change the ways communities, policymakers, and insurers prepare for natural disasters? It’s our job to help our members understand climate-related risks to their business and to their policyholders. Hurricanes and floods are only the first entry in a climate risk series we are working on. We want our data to drive discussion about climate and resilience. We hope the fruits of those discussions are communities that are better protected from the dangers of climate change.

Where do you see data visualization going in the next five to 10 years?
I’m interested in seeing what comes from the recent addition of GPU acceleration to web browsers and the shift of internet infrastructure to fiber optics. GPU acceleration is the practice of using a graphics processing unit (GPU) in addition to a central processing unit (CPU) to speed up processing-intensive operations. Both of these technologies are necessary for creating a 3-D visualization environment with streaming real-time data.

Cyber Risk

Cyberattacks Growing
in Frequency, Severity, And Complexity

Leave a comment

By Max Dorfman, Research Writer, Triple-I (04/29/2022)

Several recent reports quantify the growing risk and cost of cyber attacks in 2021.

Willis Towers Watson PLC, a multinational risk-management, insurance brokerage, and advisory company, and global law firm Clyde & Co, surveyed directors and risk managers based in more than 40 countries around the world. They found that 65 percent regard cybercrime as “the most significant risk” facing directors and officers. Data loss and cyber extortion followed, at 63 percent and 59 percent, respectively.

In 2021, there were 623.3 million cyberattacks globally, with U.S. cyberattacks rising by 98 percent, according to cybersecurity firm SonicWall. Almost every threat increased in 2021, particularly ransomware, encrypted threats, Internet of Things (IoT) malware, and cryptojacking, in which a criminal uses a victim’s computing power to generate cryptocurrency.

The frequency of ransomware attacks alone rose by 105 percent globally in 2021, SonicWall says,  making them the most frequent type of cyberattack on record. The State of Ransomware 2022 by Sophos, a security software and hardware company, found that 66 percent of organizations surveyed were attacked by ransomware in 2021, rising from 37 percent in 2020. Ransomware payments often trended higher, with 11 percent of organizations stating that they paid ransoms of $1 million or more, up from 4 percent in 2020. Additionally, 46 percent of organizations that had data encrypted in a ransomware attack paid the ransom.

The 2021 Software Supply Chain Security Report by Argon, an Aqua Security company, underscores the main areas of criminal focus, including: “open-source vulnerabilities and poisoning; code integrity issues; and exploiting the software supply chain process and supplier trust to distribute malware or backdoors.”

According to the Argon report, cybercriminals often use these methods to extort victims:

  • Encryption: Victims pay to regain access to scrambled data and compromised computer systems that stop working because key files are encrypted.
  • Data Theft: Hackers release sensitive information if a ransom is not paid.
  • Denial of Service (DoS): Ransomware gangs launch denial of service attacks that shut down a victim’s public websites.
  • Harassment: Cybercriminals contact customers, business partners, employees, and media to tell them the organization was hacked.

“The number of attacks over the past year and the widespread impact of a single attack highlights the massive challenge that application security teams are facing,” said Eran Orzel, a senior director at Argon.

Cyber insurers work toward protecting businesses

Cyber insurance remains an important investment for many companies, particularly as cyberattacks continue to wreak havoc across industries. Investing in cyber insurance can help an organization recover from an attack, with cyber insurance companies often helping to recover data, repair damaged devices, protect a company from civil lawsuits, and fixing any reputational damage sustained during an attack.

However, the first line of defense is creating a robust cybersecurity system, training employees on how to identify a potential attack, encrypting company data, and enabling antivirus protection. With only half of businesses reporting a consistent encryption strategy, and the cost of data breaches continuing to rise, organizations must do more to protect themselves and their customers.

Cyber Risk, Technology

Study Highlights Cost
of Data Breaches
in a Remote-Work World

Leave a comment

By Max Dorfman, Research Writer, Triple-I (04/27/2022)

A recent study by IBM and the Ponemon Institute quantifies the rising cost of data breaches as workers moved to remote environments during the coronavirus pandemic.

According to the report, an average data breach in 2021 cost $4.24 million – up from $3.86 million in 2020. However, where remote work was a factor in causing the breach, the cost increased by $1.07 million. At organizations with 81-100 percent of employees working remotely, the total average cost was $5.54 million.

To combat the risks associated the rise of remote work, the study highlights the importance of security artificial intelligence (AI) and automation fully deployed – a process by which security technologies are enabled to supplement or substitute human intervention in the identification and containment of incidents and intrusion efforts.

Indeed, organizations with fully deployed security AI/automation saw the average cost of a data breach decrease to $2.90 million. The duration of the breach was also substantially lower, taking an average of 184 days to identify the breach and 63 days to contain the breach, as opposed to an average of 239 days to identify the breach and 85 days to contain the breach for organizations without these technologies.

Organizations continue to struggle with breaches

In 2021 and 2022, several high-profile data breaches have illustrated the major risks cyberattacks represent. This includes a January 2022 attack 483 users’ wallets on Crypto.com, which resulted in the loss of $18 million in Bitcoin and $15 million in Ethereum and other cryptocurrencies.

In February, the International Committee of the Red Cross (ICRC) was targeted by a cyberattack that resulted in the hackers accessing personal information of more than 515,000 people being helped by a humanitarian program, with the intruders maintaining access to ICRC’s servers for 70 days after the initial breach.

And in April, an SEC filing revealed that the company Block, which owns Cash App, had been breached by a former employee in December of 2021. This leak included customers’ names, brokerage account numbers, portfolio value, and stock trading activity for over 8 million U.S. users.

Insurers play a key role in helping organizations

The increasing frequency and seriousness of cyberattacks has led more organizations to purchase cyber insurance, with 47 percent of insurance clients using this coverage in 2020, up from 26 percent in 2016, according to the U.S. Government Accountability Office. This shift includes insurers offering more policies specific to cyber risk, instead of including this risk in packages with other coverage.

The insurance industry offers first-party coverage – which typically provides financial assistance to help an insured business with recovery costs, as well as cybersecurity liability, which safeguards a business if a third party files a lawsuit against the policyholder for damages as a result of a cyber incident.

A third option, technology errors and omissions coverage, can safeguard small businesses that offer technology services when cybersecurity insurance doesn’t offer coverage. This kind of coverage is triggered if a business’s product or service results in a cyber incident that involves a third party directly.

Still, the primary focus for organizations looking to defend themselves from cyberattacks is implementing a rigorous cyber defense system.  

Business Insurance, Business Risk, Catastrophes, Cyber Risk, Risk Management

Cyber Tops Allianz 2022 Survey of Business Risks

Leave a comment

By Max Dorfman, Research Writer, Triple-I

Cyber incidents are the top threat to businesses, according to the latest Allianz Risk Barometer survey, up from third place in 2021. This result follows several significant data breaches and hacks last year, including the Colonial Pipeline ransomware attack, which caused a six-day shutdown and cost the company $4.4 million to regain access to its systems.

Business interruption fell to the second most important concern in a year marked by the continued presence of the coronavirus pandemic, cyberattacks, and natural catastrophes. Still, the report notes that the pandemic “has exposed the fragility and complexity of modern supply chains and how multiple events can come together to cause problems, raising awareness of the need for greater resilience and transparency.”

Natural catastrophe risk ranks third on the list – a jump from sixth in 2021. Global insured catastrophe losses increased to $112 billion in 2021, the fourth highest on record, according to Swiss Re.

While cyber is ranked as a more immediate threat to business than climate change, the report says these two perils are “linked by the fact that two of the most significant impacts expected from changes in legislation and regulation (the fifth top risk) in 2022 will be around big tech and sustainability.”

Pandemic outbreak fell to fourth place for 2022, with many companies comfortable that they are now better prepared for the consequences of these occurrences. According to the report, 80 percent of respondents believe they are “adequately” or “well” prepared.

The 11th annual report was developed from a late 2021 survey of 2,650 risk management experts from 89 countries and territories, including Allianz customers, brokers, industry trade organizations, risk consultants, and underwriters, with a focus on large- and small to mid-size companies.

Careers and Employment, Technology

Invest in Technology — But Don’t Forget
to Invest in People

Leave a comment

A recent survey of insurance underwriters found that 40 percent of their time is spent on “tasks that are not core” to underwriting. The top three reasons they cited are:

  • Redundant inputs/manual processes;
  • Outdated/inflexible systems; and
  • Lack of information/analytics at the point of need.

The survey – conducted by The Institutes and Accenture – also found that underwriting quality processes and tools are at their lowest point since the survey was first conducted in 2008. Only 46 percent of the 434 underwriters who responded said they believe their frontline underwriting practices are “superior” – which is down 17 percent from 2013.

“While underwriters believe technology changes have improved underwriting performance, 64 percent said their workload has increased or had no change with technology investments,” Christopher McDaniel, president at The Institutes Catastrophe Resiliency Council, told attendees at Triple-I’s Joint Industry Forum.

The survey’s findings with respect to talent may shed some light on this. The number of organizations viewed as having “superior” talent management capabilities for underwriting fell 50 percent since 2013 across almost every measure of performance evaluated.

“Training, recruiting, and retention planning had some of the biggest drops, particularly for personal lines,” McDaniel said. About a quarter of personal lines underwriters said they view their company’s talent management programs as deficient.  That rate rose to 41 percent for talent retention; 37 percent for in succession planning; 33 percent for in training; and 30 percent for recruiting

“While technology investment may have improved underwriting performance” in terms of risk evaluation, quoting, and selling, McDaniel said those improvements “appear to have come at the expense of training and retaining underwriting talent,” McDaniel said.

Even before the pandemic and “the great resignation,” insurance faced a talent gap.  Part of the challenge has been finding replacements for a rapidly retiring workforce, as the median age of insurance company employees is higher than in other financial sectors.

McKinsey study that assessed the potential impact of automation on functions like underwriting, actuarial, claims, finance, and operations at U.S and European companies found that as underwriting  becomes more technical in nature it also will require more social skills and flexibility. Respondents to the McKinsey survey said automation and analytics-driven processes will produce a greater need for “soft skills” to shape and interpret quantitative outputs. Adaptability will also become more important for underwriters to stay responsive to changing risks and learn new techniques as technology changes.

“Underwriters will not become programmers themselves,” the McKinsey report said, “but they will work extensively with colleagues in newer digital and data-focused roles to develop and manage underwriting solutions.”

Technology

NFT & Insurance: Is It “A Thing”?

Leave a comment

Non-fungible tokens (NFTs) are a hot topic, gaining attention from pop culture to the business press. Most of this notoriety has been associated with the buying and selling of digital collectibles, but the underlying blockchain technology and this specific application of it have implications for tangible assets and for insuring both digital and physical properties.

For this reason, the Institutes RiskStream Collaborative – the risk-management and insurance industry’s first enterprise-level blockchain consortium – recently launched a free educational series about NFTs.

What are NFTs?

“Non-fungible” means an object is unique and can’t be replaced with something else. A dollar is fungible – you can trade it for another dollar bill or four quarters or specific numbers of other coins, and you still have exactly one dollar.  An individual bitcoin is fungible. A one-of-a-kind trading card isn’t fungible – if you trade it for a different card, you would have a different thing, and you would lose possession of your original card.

NFTs are unique digital markers that can be associated with an asset to identify it as one-of-a-kind.

Want to understand more? Watch the first episode.

Insurance potential

In the second episode, the RiskStream Collaborative brings in Jakub Krcmar, CEO of Veracity Protocol, to discuss the concepts of computer vision, digital twins, and NFTs of physical products. The ability to create a unique digital twin of exact replicas – like identical baseball cards or identical automobile gears – to create an NFT may have major insurance implications. One example was the potential for NFTs to be associated with high-value physical objects to demonstrate authenticity of ownership and reduce or eliminate fraud opportunities.

Episode three features Natalia Karayaneva, CEO of Propy, who explains the potential for NFTs in real estate transactions. She highlights some of the benefits of the NFT approach, underscoring the efficiencies brought to primarily paper-intensive processes. The potential for insurance also is discussed.

In episode four, Kaleido CEO Steve Cerveny wraps up the series by describing the tokens themselves. He highlights the ability to create NFTs to represent any asset. These tokens are programmable “things” on a blockchain, which can help with business processes. Blockchains are basically ledgers or databases. Like any ledger, they record transactions; unlike traditional ledgers, however, blockchains are distributed across networked computer systems. Anyone with an internet connection and access to the blockchain can view and transact on the chain.

This open, consensus-based nature of blockchain – with everyone on the chain checking the validity of every transaction according to an established set of rules – enables conflicts to be resolved automatically and transparently to all participants. This dispenses with the need for a central authority to enforce trust and allows participants to build in automation through smart contracts.

The Riskstream Collaborative is the largest blockchain consortium in insurance, with over 30 carriers, brokers, and reinsurers as members who lead governance and activity. An “associate member ecosystem” is beginning to be established, and RiskStream is inspecting use cases in personal lines, commercial lines, reinsurance, and life and annuities.

Cyber Risk, Technology

As Cybercriminals Act More Like Businesses, Insurers Must Think
More Like Criminals

Leave a comment
Credit for all photos in this post: Don Pollard

Cybersecurity is no longer an emerging risk but a clear and present one for organizations of all sizes, panelists on a panel at Triple-I’s Joint Industry Forum (JIF) said. This is due in large part to the fact that cybercriminals are increasingly thinking and behaving like businesspeople.

“We’ve seen a large increase in ransomware attacks for the sensible economic reason that they are lucrative,” said Milliman managing director Chris Beck. Cybercriminals also are becoming more sophisticated, adapting their techniques to every move insurers, insureds, and regulators make in response to the latest attack trends. “Because this is a lucrative area for cyber bad actors to be in, specialization is happening. The people behind these attacks are becoming better at their jobs.”

As a result, the challenges facing insurers and the customers are increasing and becoming more complex and costly. Cyber insurance purchase rates reflect the growing awareness of this risk, with one global insurance broker finding that the percentage of its clients who purchased this coverage rose from 26 percent in 2016 to 47 percent in 2020, the U.S. Government Accountability Office (GAO) stated in a May 2021 report.

Panel moderator Dale Porfilio, Triple-I’s chief insurance officer, asked whether cyber is even an insurable risk for the private market. Panelist Paul Miskovich, global business leader for the Pango Group, said cyber insurance has been profitable almost every year for most insurers. Most cyber risk has been managed through more controls in underwriting, changes in cybersecurity tools, and modifications in IT maintenance for employees, he said.

By 2026, projections indicate insurers will be writing $28 billion annually in gross written premium for cyber insurance, according to Miskovich. He said he believes all the pieces are in place for insurers to adapt to the challenges presented by cyber and that part of the industry’s evolution will rely on recruiting new talent.

“I think the first step is bringing more young people into the industry who are more facile with technology,” he said. “Where insurance companies can’t move fast enough, we need partnerships with managing general agents, with technology and data analytics, who are going to bring in data and new information.”

“Reinsurers are in the game,” said Catherine Mulligan, Aon’s global head of cyber, stressing that reinsurers have been doing a lot of work to advance their understanding of cyber issues. “The attack vectors have largely remained unchanged over the last few years, and that’s good news because underwriters can pay more attention to those particular exposures and can close that gap in cybersecurity.”

Mulligan said reinsurers are committed to the cyber insurance space and believe it is insurable. “Let’s just keep refining our understanding of the risk,” she said.

When thinking about the future, Milliman’s Beck stressed the importance of understanding the business-driven logic of the cybercriminals.

If, for example, “insurance contracts will not pay if the insured pays the ransom, the logic for the bad actor is, ‘I need to come up with a ransom schema that I’m still making money’,” but the insured can still pay without using the insurance contract.

This could lead to a scenario in which the ransom demands become smaller, but the frequency of attacks increases. Under such circumstances, insurers might have to respond to demand for a new kind of product.

Learn More about Cyber Risk on the Triple-I Blog

Cyberattacks on Health Facilities: A Rising Danger

Cyber Insurance’s “Perfect Storm”

“Silent” Echoes of 9/11 in Today’s Management of Cyber-Related Risks

Brokers, Policyholders Need Greater Clarity on Cyber Coverage

Cyber Risk Gets Real, Demands New Approaches

Technology

Executive Exchange: Pandemic Lockdown Speeds Insurance Digitization Growth

Leave a comment

The global pandemic accelerated many technological advances that were already underway in the insurance industry – changes that are likely to pick up speed as COVID-19 recedes, according to Rohit Verma, CEO, Crawford & Co.

Triple-I CEO Sean Kevelighan recently spoke with Verma about the dramatic changes taking place as virtual interactions became more necessary and expected by consumers – especially in the early stages of the COVID-19 crisis. Crawford is a global provider of claims management solutions. 

“We have a self-service app which had probably a seven to 10 percent adoption rate,” Verma said in the conversation, which you can watch in full below. “Within the first three months, that adoption rate went up from seven to 10 percent to about 35 to 40 percent.”

Verma said he expects further acceleration of digitization in insurance, with start-ups partnering with larger, established companies to transform how insurance is done. The biggest obstacle, as he sees it, is the question: “Do we approach problems with a viewpoint of how we do solve them digitally, or do we approach them on how we solve them traditionally?”

Verma will be one of five senior executives participating in the C-Suite Panel on Resilience at Triple-I’s 2021 Joint Industry Forum on Thursday, Dec. 2, in New York City.

Insurance Industry, Insurers and the Economy, Technology

This Just In:
Insurance Isn’t Boring

Leave a comment

I just learned that November 3 is National Cliché Day. Who knew?

So, what better time than now (before it’s too late!) to bust the cliché that insurance is a boring industry.

The cliché might be rooted in the idea that insurance is all about remaining cozily in some imaginary “safety zone”.  Or maybe in the fact that the industry’s visual surface tends to be one of dull-looking paperwork full of fine print.

But think about it: the entire industry is rooted in risk!

Automobile accidents and other forms of property damage are only the start of it. There’s liability risk – the risk of being sued: product liability, professional liability, employment practices, directors and officers, errors and omissions, medical malpractice – the list goes on, and insurance professionals have to understand these areas of risk intimately to price policies, set aside appropriate reserves, and pay claims in a timely fashion.

Is climate-related risk keeping you up at night? You’re not alone. Insurers have been working on that one for decades, empowered by sophisticated modeling and analytics capabilities.  They aren’t just worrying about extreme weather and climate – they’re partnering with other industries, communities, and governments to do something about it.  

And, speaking of sophisticated technology – what about cyber risk? The average cost of a data breach rose year over year in 2021 from $3.86 million to $4.24 million, according to a recent report by IBM and the Ponemon Institute — the highest in the 17 years that this report has been published. These kinds of numbers add up quickly. Unlike flood and fire – perils for which insurers have decades of data to help them accurately measure and price policies – cyber threats are comparatively new and constantly evolving. The presence of malicious intent results in their having more in common with terrorism than with natural catastrophes.

These are just a few of the risks types insurance professionals look in the eye daily, working with a wide range of experts across industries and disciplines to meet them.  From the individual and family level to businesses large and small to the global economy, insurers play a critical role as both risk-management partners and financial first responders.

Keep these things in mind next time you catch yourself stifling a yawn at the mention of insurance!

Cyber Risk, Health & Safety

Cyberattacks on Health Facilities: A Rising Danger

Leave a comment

By Max Dorfman, Research Writer, Triple-I

As cyberattacks have increased in recent years, one area of particular concern has been those that target hospitals and health systems. These attacks have affected not only private information but also threatened the lives and well-being of patients.

A major shift

Hospitals rely more than ever on computerized systems to manage their information and systems. With the added complications related to the COVID-19 pandemic, the dangers associated with cyberattacks have only worsened.

“It’s part of a trend we’ve seen building over the last couple years, even before the pandemic,” said Scott Shackelford, chairman of the IU Cybersecurity Risk Management Program. Unfortunately, health-care providers are very much in the crosshairs. Not only do they often have insurance and deep pockets, but doctors need access to patient information to perform procedures and provide required services.

Because of this vulnerability and urgency, Shackelford said, “They are more likely to pay up.”

“If you look at the surveys that have been done, about one-in-three health providers have been hit by ransomware attacks just since 2020, and there’s been a 45 percent uptick in that rate since last December,” Shackelford added.

One recent attack, on Johnson Memorial Health in Franklin, Indiana, disabled its computer system. Although the hospital said it could still manage its patient intake, the loss of computer capabilities slowed operations down dramatically.

“We’re used to sending lab orders via computer, sending prescriptions to pharmacies via computer, so we’re going back to a real reliance on paper again,” Johnson Memorial President and CEO David Dunkle said. “We’re using more human runners, people taking lab recs between the ER and the lab.”

Hospitals have been slow to respond

Although there have been major technological advancements in the medical field, not all health systems have provided robust IT teams or thorough safety protocols. One area of note is with new medical devices, which take years to earn FDA approval and can come with outmoded software and operating systems without the latest security mechanisms.

This has given hackers the ability to disable medical imaging devices like MRIs. They can then shut down or interfere with machines.  A recent study by McAfeeEnterprise’s Advanced Threat Research Team uncovered that an IV pump created by German medical manufacturer B. Braun possessed a susceptibility that would allow hackers to change medicine doses remotely.

And while traditional phishing attacks require a user to open a corrupted file — a trend that is now on the decline — new attacks can use so-called Zero Click malware, which can infect a system merely through receiving a text or email.

Additionally, sensitive data that health systems possess gives hackers the opportunity to sell this information online — or threaten to — with demands rising into the millions of dollars. After a 2009 U.S. law was passed that required Medicare and Medicaid providers to implement electronic health records, these risks have only accelerated.

Life and death circumstances

Hospitals are now not only seeing the financial risks with cyberattacks, but the threat to their patients’ lives.

In July 2019, Springhill Medical Center faced a massive ransomware attack that disabled its electronic devices. This failure created dire circumstances for one infant, causing doctors to be unable to monitor the child’s condition during delivery. The infant died, and the hospital is being sued by the mother for malpractice—a charge Springhill denies.

Another attack in Düsseldorf, Germany in 2020 saw the death of a 78-year-old woman from an aortic aneurysm. What was supposed to be a routine pick-up turned into a nightmare, when the local hospital’s system was disabled by a ransomware attack, forcing the emergency department to turn away the woman and causing the ambulance to travel much farther. During this time, the patient’s condition worsened, and she eventually died.

How much worse can it get?

By the middle of August of 2021, 38 attacks on health-care providers or systems had interrupted care at approximately 963 U.S. locations. For all of 2020, only 560 sites were affected in 80 separate incidents, according to Brett Callow, a threat analyst at security firm Emsisoft.

With the vast amount of data and equipment at each of these health facilities—as well as the linked networks of many systems—the threat of cyberattacks in health care will only continue to grow unless more action is taken.