The prevalence of cybersecurity threats in our lives in 2022 is undeniable. You do not have to look very far to understand the daily impact of cyber-attacks across the US and the world. This includes high-profile attacks such as the one on the Colonial Pipeline in 2021 and even instances of cyber-attacks among the SHO hospitals in recent years. Healthcare continues to be a primary target for bad actors and is expected to only escalate, with ransomware the biggest culprit. According to Becker’s Hospital Review, ransomware attacks affected 560 healthcare organizations in 2020 and cost over $20 billion in downtime (double the cost from 2019). Unfortunately, this trend is only expected to worsen. Between the fear of ransomware payouts, lost revenue due to inability to see patients and/or bill, and significant increases in spending to protect healthcare systems, this issue is top priority for hospital leadership.
One of SHO’s insurance offerings is cyber insurance. In 2021, the eight hospitals that belong to the SHO Risk Retention Group worked with Gallagher to complete applications for renewal. Due to the rapidly growing number of attacks in 2020 and 2021, particularly ransomware, and particularly on hospitals, the cyber insurance market was thrown into chaos by the time last summer’s SHO renewal hit. Carriers were demanding much more stringent security controls to be in place for their policy holders, while limits and retention rates became much more restrictive. SHO was able to move forward with the renewal, but it became clear that our hospitals need to escalate their collective focus not only in what the carriers are looking for, but what security controls, and accompanying investments, need to be prioritized to provide the best defense against cyber-attacks.
While cybersecurity has been a primary focus of the SHO CIO Council for years, the group is now working more closely with insurance brokers, cybersecurity experts, and legal counsel to educate, share, and implement best practices and controls aimed at the best possible preparedness for cyber coverage and protection against attacks. Specifically, the group is compiling a dashboard report to track progress at each site and share with the CEO Roundtable monthly, keeping a focus on regular dialogue on this very important topic – another example of SHO building Strength Through Partnership.