
Keeping pace with cyber risk

Why the healthcare industry must remain diligent

Executive perception that cyber risk will decrease over the next year is surprising, especially as the healthcare industry is one of the most heavily targeted for ransomware. It is concerning that this perceived decrease in risk might signal a pullback on IT security among overconfident organisations.  

Healthcare and life sciences organisations that believe themselves to be protected simply because they have already taken steps to address cyber risk or because they consider themselves too small to be a target are misguided in their assumptions. In truth, no one knows what the new cyber threat will be; this is a risk that evolves swiftly, and organisations must be diligent to keep up.

"Cyber is a significant industry risk due to the sheer amount of personal, identifiable information attached to medical records. Each record contains an individual’s name, social security number, addresses current and past – basically everything needed to assume someone’s identity. This data is hugely profitable to those wanting to cause harm."
Jennifer Greggs

Underwriter - Miscellaneous Medical & Life Sciences

Key Findings

Explore what a medium or low risk environment means for healthcare and life sciences organisations.

"The healthcare industry uses the services of numerous external entities that will have access to IT networks, systems, and even physical data. A breach through one of these entities could lead to the breach of many others, so it’s essential to examine data security diligence and standards practices carefully when vetting service providers."
Elena Alhambra

Underwriting Manager, International Miscellaneous Medical & Life Sciences (London)

How we can help

The bottom line: don’t underestimate cyber risk

Some larger healthcare organisations are fortunate to have IT teams in place to address cyber risk. But even these organisations need to be cognisant that risk prevention is an ongoing need. Systems must be tested regularly, and running vulnerability tests and applying patches are essential to ensure your security is up to date. In addition, consistent employee training must be incorporated into a strong cybersecurity program. Small startups, despite being lean, can utilise third-party tools to follow security best practices and can leverage preexisting education materials to keep their team up to date on the shifting threat landscape.

Every company can benefit from thinking about a Plan B should a breach occur. They need to be aware of the risks and not rely solely on their IT team to handle risk mitigation. Organisations are well-advised to prepare for the potentially massive financial loss and to consider how they would mitigate risk and respond in the event of a breach. Insurance can not only provide financial protection, but also serve as a great resource and source of support before, during and after a cyber incident. 


The information set forth in this document is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. Although reasonable care has been taken in preparing the information set forth in this document, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information.

² Healthcare orgs only dedicate 6% of IT budgets to cybersecurity (