The rising threat of cyberattacks in healthcare

The healthcare sector is a prime target for cybercriminals. With sensitive information and critical systems at stake, healthcare institutions need to prioritise cybersecurity for the sake of their patients and reputations.

The increasing risk of cyberattacks

There is no doubt that cyberattacks in Australia are on the rise. According to the ASD Cyber Threat Report 2022-2023, a cyber security incident was reported to law enforcement every 6 minutes.

The Cyber Threat Report also states that the cost per cyber event has increased by around 14% since the previous year. This means that, on average, a cyberattack will cost a small business $46,000. For medium-sized businesses, it will cost $97,200 on average.

Why is the healthcare sector at risk of cyberattacks?

According to a report from the Office of the Australian Information Commissioner (OAIC), healthcare is the sector most targeted by cybercriminals. The same report found that health information was the third highest type of data exposed in a data breach.

SME healthcare businesses make easy targets

Just about everyone in Australia knows about the high-profile 2022 Medibank data breach. But while large companies tend to make big headlines, the truth is that small and medium-sized companies are just as susceptible to a cyberattack – if not more so, because their cybersecurity measures are often not as strong or comprehensive.

In a recent claims example from an insurer partner, the computer system of a small, 6-staff medical service provider was compromised by a ransomware attack. As the business could no longer access its patients’ data, it was forced to cease operating.

The insurer hired an IT forensic consultant to repair the damage to the insured’s system and determine if the hacker still had access. Then, a law firm was engaged to assist with the remediation process and advise on whether the client needed to report the incident to the Privacy Commissioner. A payment of $63,000 was made to cover business interruption losses, forensic investigations, and legal costs.

If the medical services provider had not had Cyber Insurance, it would have suffered significant financial losses. On top of this, it would have had to carry out the research and investigation that the insurer otherwise arranged.

The facts are clear – the healthcare industry is a major target for cybercriminals, whether it’s a nation-wide organisation or a small, local clinic.

There are more cybersecurity vulnerabilities than ever before

As technology advances, the risks of a cyberattack can also increase. A growing number of healthcare and medical devices now need the internet to function – from digital thermometers to medical imaging devices. Each of these Wi-Fi-enabled devices becomes a vulnerable point in the network that cybercriminals could exploit.

Cybercriminals can hack devices that are connected to a network and use these as entry points to gain access to the system. This can allow them to access sensitive patient data and even gain access to your computer network.

Helping clients understand the need for cybersecurity

Selling Cyber Insurance to SME healthcare providers does have its challenges. Many small-to-medium healthcare practices and clinics may simply not recognise their vulnerability to cyberattacks, or that the sensitive patient data they handle every day represents a very lucrative target for cybercriminals.
However, given the increasing frequency of cyberattacks, the financial and reputational cost to businesses, and the potential damage caused to patients, the need for solid cybersecurity in healthcare cannot be overstated.

Another recent insurer partner’s claim involved a community-based healthcare services provider specialising in mental health and drug and alcohol services. This organisation was targeted by cybercriminals who used social engineering to compromise the organisation’s business email addresses. A total of $11,581 was paid out to the insured due to the damages caused by the cyberattack.

The fallout from a cyberattack is not just financial

Even if your clients recognise the need for cybersecurity, they could still be concerned with the cost of Cyber Insurance. This is where brokers can emphasise the potential financial impact of a cyber incident. The cost of resolving data breaches in healthcare often involves financial losses and regulatory fines. On top of this, clients and patients could lose trust in the targeted organisation and the business’s reputation may never recover.

By highlighting these points, brokers can help healthcare providers see the value in investing in Cyber coverage, ultimately protecting their practice and patients.

BizCover for Brokers’ Cyber Insurance offering

Cover your healthcare SMEs with Cyber Liability in minutes through the B4B platform.

  • Instant quotes from three leading insurers: AIG, DUAL and Chubb
  • More than 5,000 occupations covered
  • Limits up to $2 million
  • Insured turnover up to $50 million.

You can also create a comprehensive insurance package by binding up to 8 products at the same time, including Professional Indemnity, Management Liability and more – all with a single entry.

Log in to bind Cyber Insurance for your healthcare clients today.


BizCover for Brokers acts as agent of the insurer and not as the agent of you or your client. Any advice provided is general advice only and does not take into account the personal objectives, financial situation or needs of you or your client. Always read the Product Disclosure Statement or Policy Wording (available on our website).

This information is general only and does not take into account your objectives, financial situation or needs. It should not be relied upon as advice. As with any insurance, cover will be subject to the terms, conditions and exclusions contained in the policy wording.

© Copyright 2024 BizCover Pty Limited. BizCover for Brokers is a business name of BizCover Pty Ltd (ABN 68 127 707 975; AFSL 501769).