Moody's: Hospitals among industries with highest risk of exposure to cyberthreats

Hospitals are among the sectors facing the highest potential risks when it comes to a "rising tide" of cyberthreats, according to a recent report from Moody's Investors Service.

Four sectors that represent $11.7 trillion in Moody’s-rated debt outstanding are at high risk of cyber exposure including banks, security firms, market infrastructure providers and hospitals, the report says. That is based on an examination of vulnerability to cyber events or attacks and the potential impact in terms of disruption of critical business processes, data disclosure, and reputational effects. These sectors all significantly rely on technology and confidential information for their business.

"In our view, cyber risk is event risk and Moody’s sees a rising tide," the authors of the report wrote. "Digitization continues to increase, supply chains are becoming more complex and attacker sophistication is improving."

Hospitals represent $250.4 billion in rated debt, the report said, pointing to the sensitive and essential nature of the data collected and used by these entities and its attractiveness to hackers.

 

Among the concerns: pushes for interoperability. "Hospitals increasingly share data with various third parties, such as health insurance exchanges and other payors, necessitating the need to safeguard confidential information with modernized IT and security systems," the report said.

 

Patient data includes confidential medical records as well as Social Security numbers and insurance information. As a result, a data breach could create substantial legal risk for healthcare companies.

 

They also pointed to vulnerabilities from increasingly connected medical devices. "For medical device manufacturers, devices such as insulin pumps, defibrillators or cardiac monitoring are now in widespread use and increasingly rely on remote monitoring, which creates vulnerabilities," the authors of the report said.

 

The analysis, which looked at 35 industries, found nine with a total rated debt of $8.9 trillion were considered at medium to high risk of cyberthreats including electric utilities, health insurers and retailers.