The cybersecurity challenges faced by insurance carriers are different and often more demanding than those faced by other industries. Reasons include the vast amount of custodial data insurance companies hold;
the personal health data insurers have collected from policyholders, which is extremely attractive to cyber terrorists; and,
unfortunately, the lax security standards of legacy systems that
many large carriers still cling to, which make them even more
“What we are seeing on the dark web, where organized
criminals are working, is they take medical records and they sell
them on the internet,” says Bryant G. Tow, managing partner,
CyberRisk Solutions, a security consulting firm.
Recently there was a dump of nine million medical records
on the dark web, according to Tow. No one has announced a
breach as of this writing, so some company was breached and
might not know it yet or the company is going through the
breach notification process.
Tow views this data dump as significant because typically
records are dumped in smaller chunks—100,000 or 150,000 at a
time—to make them more esily digestible for the buyer.
Tow believes hackers use this method to avoid capture
because those fighting for data protection often buy the smaller
dumps, look at the records, and triangulate them to find where
the breach came from. He explains that’s how Target, Home
Depot, and other custodial data breaches were discovered.