Hospitals at High Risk of Suffering Devastating Cyberattack, According to Moody’s

The following four industry sectors – hospitals, banks, market infrastructure providers, and securities firms – face significant financial risks from cyberattacks, a new Moody’s Investors Service Report has revealed.

Those four sectors were discovered to have high risk of being exposed to cyberattacks. The four sectors are all heavily reliant on technology for daily operations, distribution of content, and customer engagement. An ever-increasing digitalization and interconnectedness within each sector and across different sectors means the risk of cyberattacks is also increasing.

In Moody’s report, they assessed vulnerability to a cyberattack and the impact such an attack could have on crucial businesses operations, reputation damage and disclosure of data. Cybersecurity measures that had been deployed to protect the company against cyberattacks were not taken into account for the report, unless mitigants had been applied consistently across each sector (e.g. supply chain diversity). In total, 35 broad industry sectors were assessed for the report and each were given a rating of low-risk, medium-risk, or high-risk.

The health insurance, pharmaceutical, and medical device industries were all placed in the medium-risk category. Hospitals were rated at high-risk, with the main reasons being the sensitive and essential nature of data used by hospitals, the increasing number of vulnerabilities introduced due to connected medical devices, the value of healthcare data to hackers, and the estimated time it would take to recover from an attack as well as the disruption to the business during the mitigation of an attack.

A successful cyberattack can prove costly to mitigate. Entities which have been breached must increase investment in technology and infrastructure,  pay higher insurance premiums, cover the cost of regulatory fines and litigation, increase R&D spending. What’s more these attacks can have serious reputational effects, such as higher customer churn rates and a creditworthiness reduction.

“We view cyber risk as event risk that can have material impact on sectors and individual issuers,” stated Derek Vadala, Moody’s Managing Director. “Data disclosure and business disruption are the two primary types of cyber event risk that we view as having the potential for material impact on issuers’ financial profiles and business prospects.”

As the financial impact of a cyberattack can be substantial and long-lasting, it is vital for businesses and organizations in the high-risk sectors to have “robust sources of liquidity” to weather the storm.

While larger hospitals are likely to have more financial resources to assign to mitigating threats and recovering from cyberattacks, they are still not immune to attack. Even with these resources, they can still suffer a significant financial impact, particularly when you consider the fact that many hospitals have not purchased cyber insurance due to the high cost.

Cyberattacks on businesses and organizations in high-risk sectors have the potential to be catastrophic. This ultimately could have an impact on the ability of breached entities to pay back debts. The four high-risk industry sectors mentioned above hold a combined $11.7 trillion in rated debt.

Not only do they result in considerable financial costs and damage to an entity that is attacked, cyberattacks in the high-risk sectors would also likely have a number of ripple effects and a far-reaching impact on other industry sectors.