The healthcare industry stands as a bastion of safety and well-being for society, but it finds itself under siege from an unexpected and increasingly sophisticated adversary: cyberthreats.

As the world becomes increasingly digitized, healthcare organizations are facing a formidable challenge in the form of cyberattacks. In the evolving landscape of cyberthreats in healthcare, cyber insurance is playing a pivotal role in fortifying the industry’s resilience.

“[Cyberthreats are] constantly evolving — it’s probably best handled by thinking about healthcare as a number of sub-sectors,” said Taylor Lehmann (pictured, right), director, office of the chief information security officer at Google LLC. “There’s a variety of organizations that make up the healthcare industry, and the threats and the opportunities are different for each, depending on how you look at it.”

Lehmann and Monica Shokrai (left), head of business risk and insurance at Google Cloud, spoke with theCUBE industry analysts Rebecca Knight and Rob Strechay at the mWISE Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the intricate tapestry of cyberthreats faced by the healthcare industry and discussed the evolving landscape of cyber insurance. (* Disclosure below.)

Understanding the many diverse threats to healthcare

Healthcare organizations face a multitude of cyber threats. Drawing from his experience as a former chief security officer at Athena Health and Tufts Medical Center, Lehmann talked about the dynamic nature of these threats. Hospital systems, for instance, have become prime targets due to digital extortion and ransomware attacks. These attackers exploit the critical nature of healthcare, leveraging the potential harm to patients as leverage for ransom payments, according to Lehmann.

“There’s also a ton of legacy infrastructure in these places that make them sort of target rich in a sense,” he added.

Health insurance companies often handle vast amounts of financial data and resemble banks in the companies’ appeal to cybercriminals. Med tech and pharmaceutical companies are also lucrative targets due to valuable intellectual property. Nation-states and competitors seek to gain access to these organizations’ research and development data, according to Lehmann.

“You have a couple of unique, interesting factors that go into why healthcare is an interesting target and why it’s so vulnerable,” he said. “I think if you step back and take a macro view, these are also systems that are really important to the safety of entire society. If you start messing with them, you not only compel the individual organizations to participate, but you also affect the broader society around you.”

The role of cyber insurance in strengthening healthcare resilience

In cases of cyberthreats, cyber insurance plays a big part in safeguarding healthcare providers from financial losses. Cyber insurance forms part of a holistic risk management strategy. Beyond reducing risk, it helps organizations mitigate the severity of cyber incidents, according to Shokrai.

Cyber insurance policies often include an incident response panel, providing expert support in responding to cyberattacks. This support can help organizations navigate the aftermath of a breach efficiently.

“What I think is more interesting about cyber insurance is that insurance is one of the only industries that can start to better prioritize using risk and losses, what controls and what metrics make more of an impact to customers,” she said. “Over time, if we can get the insurance industry to a place where they’re bringing in the right metrics, they can help customers improve their security and improve that feedback loop. And that’s something that we’re very interested in.”

The conversation also touched on the importance of education in the insurance industry. Google Cloud’s Risk Protection Program aims to simplify the insurance process by providing insurers with inside-out risk metrics. This innovation streamlines risk assessment and enhances the collaboration between insurers and cybersecurity experts.

“Within that program, what we’re doing is we’re helping our customers get access to cyber insurance,” she said. “We’re also a leader in the security space, Google as a whole, in addition to Google Cloud … as part of this program, there is education and thought leadership working with insurers.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the mWISE Conference:

(* Disclosure: Google Cloud sponsored this segment of theCUBE. Neither Google Cloud nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE