The insurance industry, with its vast size, scope, and the significant amount of sensitive data it manages, has become a prime target for cybercrime. The shift towards digital channels in recent years has led to a dramatic increase in cyberattacks against the industry.
Recent Cyberattacks on Insurance Companies
Bitmarck Cyberattack
In late April 2023, Bitmarck, a major IT service provider for Germany’s statutory health insurance system, was attacked, affecting many of its clients. The company took all its customer and internal systems offline, impacting those who rely on Bitmarck to issue their electronic sickness certificates. Bitmarck did not reveal the nature of the attack but assured that patient data was not endangered. This hack impacted over 300,000 insurance policy holders
Point32Health Ransomware Incident
In mid-April 2023, Point32Health, the second-largest health insurer in Massachusetts, suffered a ransomware attack that resulted in major technical outages. The members affected by the cyberattack were mostly those covered under Harvard Pilgrim Health Care’s commercial plans and New Hampshire Medicare plans. This hack impacted 2.5 million people.
Insurance Information Bureau of India Cyber Breach
In April 2023, the Insurance Information Bureau of India (IIB) fell victim to a cyberattack, compromising some data. The IIB is the industry’s regulatory body in India, with the latest figures showing that India’s insurance sector includes 57 insurers.
Latitude Financial Data Breach
In March 2023, a record 14 million customer records were stolen in a cyberattack targeting Latitude Financial, a financial services giant in Australia and New Zealand. The data breach is the largest ever recorded in New Zealand in terms of the number of affected individuals.
The data breach numbers at Latitude Financial:
| Type of Data | Quantity |
|---|---|
| Driver License Numbers | ~7.9 million |
| Copies of Driver Licenses or Passports | ~103,000 |
| Passport Numbers | ~53,000 |
| Monthly Account Statements | <100 |
| Loan Applications (Income and Expense Info) | ~900,000 |
| Bank Account Numbers | ~308,000 |
| Credit Card or Credit Card Account Numbers | ~143,000 |
Capita Cyberattack
In March 2023, a cyberattack on UK-based IT services provider Capita affected up to 350 pension funds, potentially compromising personal data belonging to millions of retirement savers. The Universities Superannuation Scheme (USS), the largest private pension pot in the UK, was among those affected.
NationsBenefits Data Breach
In April 2023, Florida-based healthcare benefits provider NationsBenefits disclosed that thousands of its members had their personal information compromised in a late-January ransomware attack targeting Fortra’s GoAnywhere platform, a file-transfer software that the firm was using.
Why is the Insurance Industry Being Targeted?
The type of data that insurers collect, process, and store in substantial amounts, including personal identifiable information (PII), makes these companies especially vulnerable to cyberattacks. Cybercriminals are also attracted to the fact that insurance companies have rich connections with various financial institutions through investments, debt issuance, and capital raising.
Common Cyber Threats
The top five threats facing the insurance industry are ransomware attacks, phishing, compromise and sale of policyholder data, state-sponsored attacks, and hacktivist attacks.
Understanding the Potential Impact of Data Breaches Across Insurance Sectors
Data breaches in insurance companies can lead to the exposure of a wealth of sensitive information. The type and extent of data compromised can vary significantly, depending on the specific sector of the insurance industry that is targeted.
Car Insurance Companies:
A breach in a car insurance company can provide attackers with access to comprehensive user profiles. This can include details about the insured vehicles such as make, model, and mileage, as well as potentially sensitive information about the policyholders’ driving habits. Personal information such as home addresses, contact details, and financial data used for premium payments can also be compromised.
Health Insurance Companies:
For health insurance companies, a data breach can lead to the exposure of sensitive health-related information. This can encompass medical histories, diagnoses, treatment plans, and prescription details.
Pet Insurance Companies:
In the case of pet insurance companies, a breach can reveal information about the insured pets, including their breed, age, health conditions, and treatment history. This could potentially include information about high-value pets, making them targets for theft or fraud.
In all instances, the compromised data can be exploited for various malicious purposes, including identity theft, fraud, and targeted phishing attacks.
