Recent Cyberattacks on Insurance Companies 2023

Estimated read time 4 min read

The insurance industry, with its vast size, scope, and the significant amount of sensitive data it manages, has become a prime target for cybercrime. The shift towards digital channels in recent years has led to a dramatic increase in cyberattacks against the industry.

Recent Cyberattacks on Insurance Companies

Recent Cyberattacks on Insurance Companies
Recent Cyberattacks on Insurance Companies

Bitmarck Cyberattack

In late April 2023, Bitmarck, a major IT service provider for Germany’s statutory health insurance system, was attacked, affecting many of its clients. The company took all its customer and internal systems offline, impacting those who rely on Bitmarck to issue their electronic sickness certificates. Bitmarck did not reveal the nature of the attack but assured that patient data was not endangered. This hack impacted over 300,000 insurance policy holders

Point32Health Ransomware Incident

In mid-April 2023, Point32Health, the second-largest health insurer in Massachusetts, suffered a ransomware attack that resulted in major technical outages. The members affected by the cyberattack were mostly those covered under Harvard Pilgrim Health Care’s commercial plans and New Hampshire Medicare plans. This hack impacted 2.5 million people.

Insurance Information Bureau of India Cyber Breach

In April 2023, the Insurance Information Bureau of India (IIB) fell victim to a cyberattack, compromising some data. The IIB is the industry’s regulatory body in India, with the latest figures showing that India’s insurance sector includes 57 insurers.

Latitude Financial Data Breach

In March 2023, a record 14 million customer records were stolen in a cyberattack targeting Latitude Financial, a financial services giant in Australia and New Zealand. The data breach is the largest ever recorded in New Zealand in terms of the number of affected individuals.

The data breach numbers at Latitude Financial:

Type of DataQuantity
Driver License Numbers~7.9 million
Copies of Driver Licenses or Passports~103,000
Passport Numbers~53,000
Monthly Account Statements<100
Loan Applications (Income and Expense Info)~900,000
Bank Account Numbers~308,000
Credit Card or Credit Card Account Numbers~143,000
Table summarizing the data breach at Latitude Financial | source

Capita Cyberattack

In March 2023, a cyberattack on UK-based IT services provider Capita affected up to 350 pension funds, potentially compromising personal data belonging to millions of retirement savers. The Universities Superannuation Scheme (USS), the largest private pension pot in the UK, was among those affected.

NationsBenefits Data Breach

In April 2023, Florida-based healthcare benefits provider NationsBenefits disclosed that thousands of its members had their personal information compromised in a late-January ransomware attack targeting Fortra’s GoAnywhere platform, a file-transfer software that the firm was using.

Why is the Insurance Industry Being Targeted?

The type of data that insurers collect, process, and store in substantial amounts, including personal identifiable information (PII), makes these companies especially vulnerable to cyberattacks. Cybercriminals are also attracted to the fact that insurance companies have rich connections with various financial institutions through investments, debt issuance, and capital raising.

Common Cyber Threats

The top five threats facing the insurance industry are ransomware attacks, phishing, compromise and sale of policyholder data, state-sponsored attacks, and hacktivist attacks.

Understanding the Potential Impact of Data Breaches Across Insurance Sectors

Data breaches in insurance companies can lead to the exposure of a wealth of sensitive information. The type and extent of data compromised can vary significantly, depending on the specific sector of the insurance industry that is targeted.

Car Insurance Companies:

A breach in a car insurance company can provide attackers with access to comprehensive user profiles. This can include details about the insured vehicles such as make, model, and mileage, as well as potentially sensitive information about the policyholders’ driving habits. Personal information such as home addresses, contact details, and financial data used for premium payments can also be compromised.

Health Insurance Companies:

For health insurance companies, a data breach can lead to the exposure of sensitive health-related information. This can encompass medical histories, diagnoses, treatment plans, and prescription details.

Pet Insurance Companies:

In the case of pet insurance companies, a breach can reveal information about the insured pets, including their breed, age, health conditions, and treatment history. This could potentially include information about high-value pets, making them targets for theft or fraud.

In all instances, the compromised data can be exploited for various malicious purposes, including identity theft, fraud, and targeted phishing attacks.

Reza Rafati

Reza Rafati, based in the Netherlands, is the founder of An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.

You May Also Like

More From Author