TLP White: This week, Hacking Healthcare begins by looking at an aspect of insider threats that often doesn’t receive enough attention from those in charge of organizations’ cybersecurity. Next, we assess some bleak statistics on the state of cybercrime during COVID-19 with an eye towards the lessons we might draw from them. Lastly, we update you on the state of cyber insurance by describing three significant developments that have driven organizations to purchase cyber insurance policies.


Please give us a minute of your time to answer a few questions about this week’s Hacking Healthcare topics. We’ll publish the results in an upcoming issue. Survey link follows the articles below. 

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal).


Welcome back to Hacking Healthcare.



1. COVID-19 and Insider Threats.

As we have noted in previous editions of this newsletter, insider threats are an insidious and difficult problem to deal with. Because it is challenging to assess ahead of time the various and occasionally complex motivations that an employee may have to engage in malicious activity against their employer, organizations often focus efforts on technical approaches that seek to mitigate potential harm. While technical approaches embodying principles like “least privilege” and “separation of duties” can be effective and useful for mitigating the damage done by an insider threat, organizations shouldn’t forget the human element when assessing ways to manage security risk posed by insiders. In an interview given to NextGov, Jacqueline Atiles, program director of the US State Department’s insider threat program, made sure to illustrate that point.[1]

According to Atiles, it is clear that COVID-19 has increased stress levels. Atiles noted: “We’re starting to see people who, when they were on the edge, they’re really losing it. And people who may have been able to handle the stress before, are starting to peak.”[2] She continued by noting the importance of managers staying connected with their workforce and emphasized that engaging in activities that lessen the amount of isolation individuals may feel is essential.[3]


Furthermore, Atiles highlighted the elevated importance of managing the onboarding and offboarding process for employees. According to her, with so many organizations working remotely during COVID-19, there is an increased risk that newly onboarded employees don’t know “what their security requirements are,” because organizations are “just worried about getting them set up on the IT systems without the education piece of explaining what [they] can or cannot do.”[4] This extends to offboarding as well, where there is an increased risk that non-disclosure agreements and other typical in-person offboarding processes are missed, or that internal deprivileging and credential deletions are forgotten.


Action & Analysis

**Membership required**



2. COVID-19’s Impact on Cybercrime.

As COVID-19 rages throughout the world, the impact it is having on cybercrime continues to come to light. This week, ZDNet published a bleak list of ten facts, figures, and trends that highlights how cybercrime is adapting to a world that has hastily transitioned to remote work and services.

Some of the more interesting reported facts and figures are:


– “[U]sers are now three times more likely to click on pandemic-related phishing scams.”[5]
– “90% of newly created coronavirus domains are scammy” and “tens of thousands of new unique coronavirus-themed domains are being created on a daily basis.”[6]
– “More than 530,000 Zoom accounts [have been] sold on [the] dark web.”[7]
– Reports by Skybox Security and SonicWall suggest COVID-19 has led to 72% and 105% ransomware spikes respectively.[8]
– Spear-phishing attacks jumped over 600% from the end of February to the end of March.[9]


While the methodology behind all these numbers is likely imperfect, and some of the studies are limited to the networks the researchers have access to, the overall picture is bleak. However, certain valuable lessons can be learned by closely examining these kinds of statistics.



Action & Analysis

**Membership required**



3. Cyber Insurance Update.

With cyber insurance increasingly becoming a normal feature of an organization’s cybersecurity approach, we decided to check back in and examine the factors driving cyber insurance adoption. According to Ben Maidment, underwriter at Brit Insurance, the European Union General Data Protection Regulation (GDPR), the rise of ransomware, and the decline in coverage ambiguity are all prominent drivers.[10]

Maidment noted that cyber insurance certainly did see an uptick in the wake of GDPR, as several high-profile cyber incidents highlighted just how expensive and damaging modern cyberattacks could be. However, Maidment tempered the idea that GDPR is a leading cause of cyber insurance adoption by pointing out that a lack of clarity over whether cyber insurance would cover GDPR-related regulatory fines disincentivized organizations from purchasing policies.[11] In Maidment’s estimation, ransomware and coverage clarity may be more responsible for entities’ increased interest in cyber insurance.


Ransomware certainly has the numbers to back that notion. Ransomware has risen considerably over the past few years, with Beazley Breach Response reporting a 131% increase in 2019, and on top of that, ransomware has been estimated to make up 41% of all cyber insurance claims in the first half of 2020.[12] According to Coalition, a cyber insurance vendor, over the first six months of 2020, they have seen a “47% increase in the number of ransomware attacks, with the average size of the demand jumping by 46%.”[13]


However, it is the third driver Maidment mentions that is most interesting. Maidment cites the “industry and regulatory push to eliminate ambiguity over coverage for cyber incidents in non-specific policies commonly purchased by companies with the mandate to either explicitly provide such coverage or to exclude it altogether,” as a primary driver.[14] According to Maidment, this has caused coverage of cyber incidents to fall more firmly in specific, standalone cyber insurance products, as clarity and pricing can be more adequately addressed in those specific products’ descriptions.


Action & Analysis

**Membership required**



Please take one minute to answer a few questions about this week’s Hacking Healthcare by visiting this link




Tuesday, September 15th:

– No relevant hearings


Wednesday, September 16th:

– No relevant hearings


Thursday, September 17th:

– No relevant hearings




International Hearings/Meetings


– No relevant hearings



EU –





Sundries –


Vast majority of cyber-attacks on cloud servers aim to mine cryptocurrency


NSA’s Cybersecurity Directorate is still figuring out how to measure success


Judge dismisses data privacy suit against University of Chicago and Google



Conferences, Webinars, and Summits


Contact us: follow @HealthISAC, and email at















