A Guide to Preventing Weaponized Files Targeted at Health Insurers



The increased digital accessibility of the health insurance system in recent years has come with many benefits, such as easier procurement of coverage, more efficient insurance transactions, transparency in billing and lower costs – but it has also increased insurers’ exposure to cyber-attacks by overwhelming percentages.

Cybersecurity and its threat to the healthcare insurance industry

There are good reasons why hackers target the health insurance industry. It represents a veritable jackpot: valuable sensitive financial and medical data, and a lot of it. Patient records can sell for up to $1,000 apiece on the Dark Web, while credit card information sells for up to $110, and Social Security numbers sell for $1 apiece. With these financial incentives, it is not surprising that HIPAA reports that 9,652,575 healthcare records were compromised in the first half of 2019. 

On top of this, COVID-19 has increased pressure on the health insurance industry. With resources focused on other areas, cyber-criminals recognize the opportunity to ramp up their malicious attacks.

How do weaponized files carry out health insurance cyber-attacks?

Hackers realize that most health insurers’ networks have safeguards in place to help them fortify against health insurance cyber-attacks. They therefore take the easiest route in: they target unsuspecting users hoping that human error will open the door to their malicious hacking schemes. Malware can be injected into a health insurer network or infrastructure in several ways.

Attachment-based phishing

A common method used by attackers to exploit vulnerabilities is phishing: sending email messages that contain a malicious attachment but look harmless to the recipients. When a recipient opens the attachment, malware is deployed, and the targeted attack begins. During COVID-19, cyber-criminals took advantage of heightened interest in the news to carry out phishing attacks, using pandemic-themed messages to lure unsuspecting users into opening malicious attachments. It only takes one employee to click on a malicious attachment, and the entire health insurance network can be compromised.

Large amounts of files processed

Health insurance companies accept a large number of files from a wide range of senders, whether directly or through marketplaces. Whether it is a benefit claim sent from a hospital or an approval application uploaded from a patient, health insurance companies open themselves up to file-borne threats from any device or system involved in the file exchange. There doesn’t even have to be malicious intent involved: for example, if a customer’s home computer has been infected with malware, that infection could easily spread to a file sent by the customer hoping to obtain health insurance coverage, which is then opened by the health insurance company.

Collaboration with third parties

The same risk occurs when insurers collaborate with third-party vendors to service their customers. Every time a customer or a vendor connects with the insurer network, there is a risk that malware will be injected along with the legitimate data. With the appearance of COVID-19, digital healthcare services – like TeleDoc – are accelerating the adoption of digital healthcare, creating even more healthcare partners and third parties, and thereby broadening the industry’s potential attack surface.

Health insurance cyber-attack examples

The health insurance industry has suffered more than its fair share of cyber breaches over the years due to weaponized files. Here are a few examples of different data breach attacks on health care insurers.

Anthem Healthcare: Notorious for holding the record for the biggest data breach in the history of the entire healthcare system, health insurer Anthem Healthcare experienced the theft of 78.8 million records in January 2015. Highly sensitive data was stolen, including names, Social Security numbers, dates of birth and addresses. Hackers used spear-phishing to trick employees into revealing usernames and passwords, which allowed them access to the insurer’s systems. Anthem was recently ordered to pay almost $40 million in damages, on top of the $115 million they paid out to victims for breach of privacy claims.

Blue Cross Blue Shield: As an example of a breach executed through a vendor’s network, in 2016, 3.47 million patients had their information exposed due to a data breach in healthcare ID card-issuer NewKirk Products. The third-party breach impacted a number of branches of the insurer Blue Cross Blue Shield, with hackers gaining access to personal information including names, dependents and Medicaid ID numbers, and other sensitive data.

Benefit Recovery Specialists: In April 2020, Benefit Recovery Specialists, a Houston-based company that offers billing and collection services to healthcare providers and payers, experienced a breach. A hacker used social engineering to obtain employee credentials and then inject malware into the insurer’s systems. The malware breached the data of 274,837 patients from several healthcare insurers and providers. The compromised data included personal information such as dates of birth, diagnosis codes, dates of service, and policy numbers.

How to protect against weaponized files in health insurance cyber-attacks

To avoid being compromised as a result of a cyberattack, health insurance companies must protect themselves against weaponized files. The only way to ensure a file is truly safe while maintaining its accessibility is by deconstructing it, removing any malicious or suspicious elements that do not match the format’s set policies or standards and destroying them, while reconstructing the neutralized file for full functionality – all within the rapid pace of the business workflow.
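The deconstruct, filter and reconstruct flow described above, shown for a Word (.docx) package as an added example; it is not Votiro's code and not part of the original article. The allow-list `ALLOWED`, the function names and the sample package are assumptions made for illustration.

```python
import io, posixpath, re, zipfile
import xml.etree.ElementTree as ET

# Assumed policy for this example: only these OOXML part names are rebuilt.
ALLOWED = re.compile(r"\[Content_Types\]\.xml|_rels/\.rels|word/(document|styles)\.xml"
                     r"|word/_rels/document\.xml\.rels|word/media/[\w-]+\.(png|jpe?g)")
NS = "http://schemas.openxmlformats.org/package/2006/"

def _prune(name, raw, kept):
    """Index parts only: drop relationship / content-type entries outside the kept set."""
    if not (name.endswith(".rels") or name == "[Content_Types].xml"):
        return raw  # ordinary allow-listed part, copied unchanged
    root = ET.fromstring(raw)  # use a hardened parser (e.g. defusedxml) on untrusted input
    base = posixpath.dirname(posixpath.dirname(name))  # word/_rels/x.rels -> word
    for el in list(root):
        if name.endswith(".rels"):
            tgt = posixpath.normpath(posixpath.join(base, el.get("Target", "")))
            bad = el.get("TargetMode") == "External" or tgt.lstrip("/") not in kept
        else:  # [Content_Types].xml: <Default> entries carry no PartName and are kept
            bad = el.get("PartName", "/" + name).lstrip("/") not in kept
        if bad:
            root.remove(el)
    return ET.tostring(root)

def rebuild(data):
    """Copy only allow-listed parts into a new archive; return (bytes, dropped names)."""
    src = zipfile.ZipFile(io.BytesIO(data))
    kept = {n for n in src.namelist() if ALLOWED.fullmatch(n)}
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for n in sorted(kept):
            dst.writestr(n, _prune(n, src.read(n), kept))
    return out.getvalue(), sorted(set(src.namelist()) - kept)

def make_sample():
    """Constructed input: a package carrying a macro part and a remote template link."""
    rels = (f'<Relationships xmlns="{NS}relationships"><Relationship Id="r1" Target="vbaProject.bin"/>'
            '<Relationship Id="r2" Target="http://example.invalid/t.dotm" TargetMode="External"/>'
            '<Relationship Id="r3" Target="styles.xml"/></Relationships>')
    ct = (f'<Types xmlns="{NS}content-types"><Default Extension="xml" ContentType="application/xml"/>'
          '<Override PartName="/word/vbaProject.bin" ContentType="x"/></Types>')
    parts = {"[Content_Types].xml": ct, "word/document.xml": "<doc/>", "word/styles.xml": "<s/>",
             "word/_rels/document.xml.rels": rels, "word/vbaProject.bin": "constructed bytes"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n, d in parts.items():
            z.writestr(n, d)
    return buf.getvalue()
```

`rebuild(make_sample())` returns the new archive together with the list of parts that were not carried over. References inside `word/document.xml` to pruned relationship ids are left as they are, so a production rebuild would also rewrite the body parts.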

With Votiro, 100% protection against weaponized files is guaranteed. Unlike detection-based file security solutions that scan for suspicious elements and block some malicious files, Votiro’s revolutionary Positive Selection® technology allows through only the safe elements of each file, ensuring every file that enters the organization is 100% safe.
