Cyber insurance carriers are facing new challenges in light of the increasingly dangerous ransomware threat landscape, as evidenced by recent attacks on UnitedHealth’s Change Healthcare and CDK Global. The surge in ransomware activity in 2023 set records, and the impact on victim organizations has been significant and disruptive. The attack on Change Healthcare earlier this year left the healthcare billing and revenue services provider unable to reimburse customers, leading to delays and reportedly causing some companies to shut down.
More recently, CDK Global, a provider serving automotive dealerships, experienced extended downtime and significant disruptions following a ransomware attack. These high-profile incidents have raised concerns among infosec experts and cyber insurance vendors about the need to adapt to evolving threats and the impact on underwriting and policies going forward.
The ransomware gang BlackCat/Alphv claimed responsibility for the Change Healthcare attack, which resulted in months-long disruptions to patient care and healthcare services. Despite paying a hefty $22 million ransom, it took time for Change Healthcare to fully restore operations, prompting the National Security Agency to warn against giving in to ransom demands.
The challenges posed by ransomware attacks have put insurers in a difficult position, particularly when it comes to coverage for downstream fallout and supply chain events. Peter Hedberg, from Corvus Insurance, emphasized the need for a deeper understanding of the services used by different segments, highlighting the importance of underwriting and assessing aggregation risks.
As the insurance industry grapples with these complex issues, Sezan Seymour from Coalition stressed the importance of organizations being mindful of third-party risks and their potential impact on clients. Meanwhile, Chet Wisniewski of Sophos suggested that supply chain coverage may need to be reevaluated in light of recent attacks on CDK Global and Change Healthcare.
The incident response to the Change Healthcare attack was scrutinized by experts, with concerns raised about the company’s preparedness and resilience. While some praised Change Healthcare for its proactive response and client communication, others highlighted the need for better backup strategies and incident response planning.
Looking ahead, experts anticipate a ripple effect from these attacks, with downstream customers likely to file contingency claims and adjust their premiums. The evolving nature of cyber threats and the impact on insurance policies suggest that insurers will need to reassess their coverage options and risk management strategies moving forward.
In conclusion, the ransomware threat landscape is evolving rapidly, and insurance carriers must adapt to meet the growing challenges posed by these attacks. The incidents involving Change Healthcare and CDK Global serve as a stark reminder of the need for proactive risk management and effective incident response strategies in the face of increasingly sophisticated cyber threats.