Exclusive first look at Coalition’s new cyber claims dataGet the 2024 Cyber Claims Report
Cyber Incident? Get Help


Cyber insurance for the healthcare industry

See how a new approach to cyber risk can help healthcare providers protect themselves and their clients from costly and disruptive attacks.

Healthcare - thumbnail

Why cyber insurance is critical for healthcare organizations

Patient confidentiality is paramount in the healthcare industry. Healthcare providers and other related businesses are entrusted to collect, transmit, and store not only health-related information but also personal, financial, and other identifying details. This sensitive data is often required to be available digitally, making it a frequent target of cybercriminals.

Healthcare providers use many technologies that present cyber risks, such as internet-accessible medical devices, remote monitoring tools, and telemedicine applications. Organizations must not only protect sensitive patient information but also maintain security and availability of data, as well as lifesaving technology. Even a minor breach or failure can have major cyber implications, potentially hindering the delivery of service and impacting the health and safety of patients, underscoring the importance of strong security controls and cyber insurance.

How bad could one small security incident be?

Circle - Money


Average cost of a cyber claim for healthcare businesses

Circle - Envelop 2


Percentage of cyber attacks originating from email inbox

Circle - Skull


Average ransomware loss for healthcare businesses

Unique exposures for healthcare companies

How essential technologies can create cyber risk

Electronic medical record (EMR) systems

Often cloud- or web-based, these essential systems are used to store, manage, and share patient records. A data breach or incident involving an EMR system could cause data privacy issues, regulatory violations, or even a disruption in services to patients in need of care.

Email & mobile devices

Mobile devices are essential for communication among healthcare workers, particularly email. However, business email compromise (BEC) is a frequent cause of cyber insurance claims for healthcare companies, which can trigger data breaches, business interruption and even reputational damage.

End-of-life software & hardware

Some organizations may use outdated technologies with the belief that upgrading would be expensive, time-consuming, and disruptive. However, technologies no longer supported by the manufacturer often have known security vulnerabilities and may lack important security features to protect against modern threats.

Medical devices

Outdated software, insufficient security features, and a lack of hardened baseline configurations can lead to vulnerabilities in medical devices. Exploitation of insulin pumps, defibrillators, and numerous other devices can compromise operations, patient safety, and data privacy

Patient portals

These websites enable patients to access electronic health records and make it easier to fill prescriptions or schedule appointments. However, a breach could expose large amounts of data and cause serious disruption due to the volume and sensitive nature of the information.

Telemedicine platforms

Telehealth relies on connecting with patients and exchanging information on the internet. Patients with vulnerable devices or networks can expose healthcare organizations to phishing, malware, and other cyber attacks.

How sensitive data can increase business liability

Biometric data

Fingerprints, retina scans, and other biometric data technologies are used by medical offices to ensure patient identification. Much like passwords, this data can be stolen and used to impersonate individuals and perpetuate cybercrime.

Financial data

Collecting and processing financial information requires adherence to industry standards. Mishandling or unauthorized disclosure of financial data can cause direct harm to patients and trigger industry and regulatory investigations.

Personally identifiable information (PII)

PII is any data that can potentially identify a specific person. PII can be used to launch cyber attacks or gain access to networks to initiate attacks. Organizations that mishandle PII or fail to respond to a data breach appropriately can be subject to fines, penalties, and other financial damages.

Protected health information (PHI)

Most healthcare organizations collect or access PHI. Bound by the Health Insurance Portability & Accountability Act (HIPAA) Privacy Rule, they carry additional data protection and reporting requirements if an actual or suspected data breach occurs.

For more insights, download our complete guide:

Business impacts for healthcare companies

What to expect after a cyber incident

Direct costs to respond

Responding to a cyber event typically requires numerous direct costs, also known as first-party expenses. If a healthcare organization experiences a data breach involving PHI, it will require a prompt response and the need for additional legal counsel, forensic investigation, victim remediation, and notification to comply with regulatory requirements. Simple investigations can cost tens of thousands of dollars, while more complex matters can increase costs exponentially.

Liability to others

Navigating the patchwork of laws and regulations after a security incident or data breach is especially difficult for organizations that operate in a highly regulated industry across multiple legal jurisdictions. A data breach or security failure can trigger liability to third parties and cause bodily harm or injury, even if the management of healthcare records is outsourced and the organization is otherwise in compliance with applicable regulations.

Business interruption and reputation damage

A cyber event that impacts essential technology can have a significant impact on a healthcare provider's ability to operate and can be highly visible to patients and other stakeholders. Even short periods of disruption can lead to direct loss of revenue and inhibit an organization's ability to support its patients, negatively impacting not only patient retention but also the delivery of essential care.


Beyond ransomware and data breaches, cyber events can result in financial theft for a healthcare provider or its patients — often without an actual breach. If an attacker dupes someone in the billing department to alter payment instructions, an organization can lose tens or hundreds of thousands of dollars almost instantly. Attackers can also gain access to email accounts and send fraudulent invoices or payment instructions to patients, customers, and other third parties.

Recovery and restoration

After a cyber event, resuming operation is no easy task. If an attacker damages or destroys essential technology, data, or physical equipment, an organization may need to bring in external support or purchase new equipment to re-secure systems. Full remediation, restoration, and recovery can take a significant amount of time, when possible, and may require purchasing new software, systems, and consultants to rebuild the network.

Gray BG


Choosing the right
cyber coverage for your business

Cyber insurance is an essential aspect of modern risk management, offering coverage for the losses associated with data breaches, cyber extortion, business interruption, and other cyber-related incidents. 

Coalition created a Cyber Insurance Buyer's Guide to help businesses navigate the complex cyber insurance market and confidently select the right coverage for their business.

Cyber Insurance Buyer's Guide

Get an Active Insurance quote

Ask your cyber insurance broker about Coalition Active Cyber Insurance. Not connected with a broker? We’ll connect you with one of our trusted experts.

Already a policyholder?

Log in or activate your Coalition Control account, our policyholder risk management platform, to manage your business’s risk profile.