The average ransomware loss hit $353,000 this year 📈

CASE STUDY

Medical office incurs nearly $800K in losses when threat actor steals protected health information

Nurse reading records on a clipboard

Industry

Healthcare

Background

  • Employees: 250 - 1000

  • Coverages: Ransomware, Breach Response, Business Interruption

A medical practice detected ransomware on their systems and called the Coalition Claims hotline the same day. Our Claims team answered the call and recommended launching a forensics investigation immediately.¹

Because they were understandably focused on resuming their operations, our healthcare policyholder was hesitant to initiate the investigation. However, they eventually agreed and engaged with an incident response vendor from our recommended panel. The investigation determined the ransomware was the HelloKitty variant and that the threat actor likely accessed the medical practice’s systems through a critical vulnerability.

The forensics team began negotiations after confirming the threat actor had stolen essential data for the medical practice’s operations. The threat actor had stolen data essential for the medical practice’s operations and demanded a $1M ransom; fortunately, the forensics team negotiated the amount down to $521,000. In addition to the ransom payment, the costs of business interruption, forensics, and breach counsel were covered under their policy (totaling an additional $284,000) thus the medical practice only had to pay a self-insured retention of $25,000, and their policy² covered more than $800,000.

Coalition² brings together active monitoring, incident response, and comprehensive insurance to solve cyber risk. To learn more, visit coalitioninc.com.

1. Breach response included the engagement of an incident response firm; the insured selected a third party vendor through Coalition’s recommendation. 2. The claim scenarios described here are intended to show the types of situations that may result in claims. These scenarios should not be compared to any other claim. Whether or to what extent a particular loss is covered depends on the facts and circumstances of the loss, the terms and conditions of the policy as issued and applicable law.