- Hospitals, security firms, banks, market infrastructure providers potentially face the greatest financial impact from cyberattacks, which could lead to a weakened credit profile, according to a recent Moody’s Investors Service report.
These four sectors represent $11.7 trillion in Moody’s-rated debt outstanding and are at a high risk of cyber exposure, the report authors wrote. The risk is tied to the four sectors’ reliance on confidential information and technology.
The determination was based on each sector’s cyberattack vulnerabilities, and the potential impact of service disruption to business operations, data disclosure, and loss of reputation. Radware recently found that healthcare will spend $1.4 million in advertising alone to recover from a cyberattack.
Specifically, hospitals represent about $250 billion in rated debt, with much of its risk tied to the need for data access and sensitivity of its information, according to the report. As a result, hospitals are a prime target for hackers, given its store of confidential medical records, Social Security numbers, and insurance data.
In the end, the report authors wrote, a data breach could potentially create a massive legal risk to healthcare businesses. Notably, Moody’s reported that only a small number of rated hospitals have cyber insurance for their organization due to its “high cost.”
Medical device vulnerabilities also add to the risk, given the widespread use of the tech in insulin pumps, defibrillators, and cardiac monitors, which often include remote access capabilities, the report authors explained.
The risk will continue to increase as the industry shifts toward stronger interoperability and greater data sharing with a wide range of third-party vendors, the report found. As data sharing increases, it will necessitate “the need to safeguard confidential information with modernized IT and security systems.
“In our view, cyber risk is event risk, and we see a rising tide,” the report authors wrote. “Digitization continues to increase, supply chains are becoming more complex and attacker sophistication is improving.”
“However, the universe of cyber threat actors remains the same: socially motivated attackers, hacktivists, criminals, and nation-states,” they added. “The frequency and magnitude of attacks could weaken the credit quality of the most exposed entities in the coming years.”
A recent report from Beazley Breach Insights confirmed Moody’s findings: The healthcare sector is the most targeted industry and accounted for 41 percent of all breaches reported to Beazley. About a third of healthcare’s reported breaches were related to hacking or malware attacks, with another 31 percent caused by accidental exposure.
Also notable: Healthcare had a significantly higher rate of insider breaches than any other sector. The numbers also confirm an earlier report from Protenus, which found hacking and phishing attacks surged in 2018.
Beazley found that hacking and malware attacks have rapidly increased in the past year, due a 133 percent increase in business email compromise attacks. Proofpoint researchers revealed in January that phishing attacks exploded in 2018, with credential compromise as the top goal of these hacking attacks.