The insurance industry’s sheer size and scope, along with the substantial amount of sensitive data it manages and stores, make the sector a prime target for cyber crime. And with insurance companies increasingly shifting key processes to digital channels in recent years, the volume of cyberattacks against the industry has likewise risen dramatically.
In this part of our cyber crime report, Insurance Business lists the most recent cyberattacks targeted at the insurance industry. We will discuss the scale and magnitude of these attacks and the impact of the aftermath. This article will also explain the most common cyber threats hounding the sector and what businesses can do to protect themselves.
This piece can serve as a useful reference for both customers and insurance professionals on the different threats the industry is facing and what cybersecurity measures they can take to mitigate the impacts of such attacks.
Date of notice: March 1, 2024
Date discovered: February 13, 2024
Date of attack: October 29 to November 3, 2023
Location: US
Fidelity Investments Life Insurance Co. has reported that personal information of more than 28,000 customers was compromised in a recent cyberattack.
In a notification filed with the Maine Attorney General’s Office, the company revealed that the hack occurred at Infosys McCamish Systems, a third-party service provider. The incident happened between October 29 and November 2, 2023.
Infosys McCamish is still investigating the data breach, but Fidelity officials believe that among the personal information accessed are customer names, states of residence, Social Security numbers, dates of birth, and bank accounts and routing information.
Date of attack: February 20, 2024
Date reported: February 21, 2024
Location: US
UnitedHealth Group has disclosed that a massive cyberattack has caused a nationwide outage to one of its computer systems used to transmit data between healthcare providers and insurance companies. The cyber crime prevented some pharmacies from processing prescriptions.
In an SEC filing dated February 21, the health insurance giant said that hackers accessed its subsidiary Change Healthcare systems, prompting the insurer to disconnect from other parties. It added that no other systems were affected.
UnitedHealth is working with law enforcement and cybersecurity experts but, at the time of the filing, could not say when the service would be restored.
Date of attack: February 4, 2024
Date detected: February 5, 2024
Location: US
Prudential Financial has informed the US Securities and Exchange Commission (SEC) that it fell victim to a cyberattack that may have compromised sensitive information of employees and contractors.
In a Form 8-K filing, the insurance giant said that it detected the data breach on February 5, a day after hackers gained unauthorized access to some of its systems.
The insurer said that the attackers were able to access company administrative and user data stored on the compromised systems. It did not report, however, how many employees and contractors were affected by the cyber crime.
Prudential Financial said that it has not found evidence of customer data theft but added that investigations into the matter were still ongoing.
Date of notice: January 26, 2024
Date of attack: November 29, 2023
Location: US
Life and health insurance giant Washington National Insurance Company has fallen victim to a data breach after a senior officer was targeted in a SIM-swapping attack.
The insurer filed a notice of data breach with the Attorney General of Massachusetts confirming that hackers gained access to clients’ sensitive information, including their names, dates of birth, Social Security numbers, and policy numbers.
Washington National Insurance is reaching out to the 20,360 individuals affected by the cyberattack.
Date of notice: January 26, 2024
Date of attack: August 21-27, 2023
Location: US
Insurance consulting and brokerage firm Keenan & Associates is sending notices to more than 1.5 million clients, warning that their personal information has been compromised in a recent data breach.
In a notification sent to the Office of Maine Attorney General, the California-based brokerage firm confirmed that the data breach occurred between August 21 and 27, 2023. During that time, hackers accessed the company’s system and stole customers’ personal data.
Keenan said exposed personal information varies by individual but includes:
The company added that it has already notified affected parties and has started sending out written notices.
Keenan’s client base spans a range of sectors, including education, healthcare, and public agencies. It is a part of AssuredPartners NL, one of the largest brokerage firms in the US.
Date posted: January 14, 2024
Location: US
The sale of compromised data allegedly from car insurance specialist GEICO surfaced on a dark web forum, putting the Berkshire Hathaway-owned insurer once again under scrutiny.
A threat actor identified as “wangfei19860902055” posted the details on the Nuovo BreachForums. The data breach reportedly involved 552,900 records containing personal information, including names, phone numbers, and addresses.
The post states: “GEICO Private Automobile Insurance Company of America, total 552,900 entries, de-focused, all screened open WS First-hand data, see screenshot below for formatting. Sold as a whole, not split, for data security reasons. Samples are as follows.”
Cyber crime report – screenshot of GEICO compromised data on dark web
Source: X (formerly Twitter)
GEICO has yet to release an official statement regarding the data breach.
The attack follows a cyber incident in August 2023, where GEICO faced a nationwide class action lawsuit for compromising customer privacy by releasing driver’s license numbers. Identity thieves exploited the situation by using the numbers to fraudulently claim unemployment benefits.
Date disclosed: December 20, 2023
Location: US
First American Financial, the second largest title insurer in the US, has announced that it has contained a previously disclosed cyberattack in an amended 8-K filing. The firm confirmed that it has restored some of its systems and resumed normal business operations.
On December 20, the insurance giant was forced to shut down systems of several of its subsidiaries, including its First American Trust banking unit, after it detected a data breach. The company said hackers accessed, stole, and encrypted non-production systems data.
First American is still investigating the cyber incident and has not yet determined whether it will have significant impact on its financial condition and operational results.
Date of confirmation: December 6, 2023
Date of attack: May 2023
Location: US
Pan-American Life Insurance Group (PALIG) has confirmed that its data was compromised through the MOVEit cyberattack, adding the life and health insurer to the hack’s growing list of victims.
The attack, which happened in May, has impacted more than 2,500 businesses worldwide.
An investigation found that the hackers stole files that contained personal information of individuals, including:
PALIG also confirmed that it has ceased using the MOVEit platform since the vulnerability was announced.
Investigation completed: November 27, 2023
Date of discovery: June 1, 2023
Date of attack: May 27 to 30, 2023
Location: US
Almost seven million patients of Delta Dental California had their personal information compromised as the insurer has been added to the growing list of victims of the MOVEit hack.
Delta Dental, which is the largest insurer in the US, confirmed the data breach in a recent notification. The firm said that unauthorized actors had accessed and stolen data from its systems between May 27 and 30, 2023. The company learned about the cyberattack on June 1, 2023.
Among the data compromised were names, financial account numbers, and credit card numbers, including security codes. Delta Dental has been providing 24 months of free credit monitoring and identity theft protection services to impacted patients.
Date of attack: November 19, 2023
Location: US
Fidelity National Financial (FNF) has revealed that a cyberattack brought down its systems, causing service disruptions.
The Florida-based industry giant, which is one of the largest title insurers in North America, has confirmed the incident in a Form 8-K filing with the Securities and Exchange Commission (SEC).
Among those impacted by the cyber crime are the company’s:
“Based on our investigation to date, FNF has determined that an unauthorized third party accessed certain FNF systems and acquired certain credentials,” FNF’s SEC filing stated.
The company restored all its services last November 29.
Date of notification: November 17, 2023
Date of attack: May 28-31, 2023
Location: US
Health insurance giant Blue Shield has joined the growing number of victims of the MOVEit data breach, which has impacted businesses worldwide. The attack has potentially exposed records of millions of patients to cybercriminals.
A notice on the Oakland-based insurer’s website dated November 17 stated that personal information compromised included:
The notice did not specify the number of patients affected, although Blue Shield’s membership numbers around 4.5 million.
Blue Shield confirmed that the MOVEit platform, which it uses to transfer and store sensitive patient information, was the victim of the breach. The insurer was notified of the attack on September 1. An investigation found that the cyberattack took place between May 28 and 31.
The health insurer added that the hack targeted only MOVEit servers. The company’s internal emails and systems were not accessed.
Date of attack: November 16, 2023
Location: UK
England-based car insurer Sabre Insurance has confirmed that it was targeted by a cyberattack, but said its defenses held up, preventing any sensitive data from being compromised.
In a notification of the cyber incident filed with the London Stock Exchange, the Dorking-headquartered firm said its security controls worked “promptly and effectively.” The insurer added that the attack was contained before the hackers were able to access any sensitive areas of its systems.
“Due to the effective segregation of the company's systems, customers have continued to be able to make changes to existing policies, report claims, and buy new policies securely,” Sabre said in the statement.
A cybersecurity partner assisted with the management, assessment, and resolution of the incident.
Date of attack: November 4, 2023
Location: Russia
Russia’s second-largest insurer Rosgosstrakh suffered a massive cyberattack, with information of Russian military intelligence agents among the data compromised.
According to this website’s cyber crime report, the hackers are selling 400GB of stolen data online for $50,000 in Bitcoin (BTC) or Monero (XMR) cryptocurrency. Among the information they accessed were personal and insurance-related information belonging to three agents of the GRU, Russia’s military intelligence agency.
The cybercriminals gained full access to investment and life insurance department records dating back to 2010, as well as personal information of 730,000 individuals. This includes Russian Social Security Numbers (SNILS) of around 80,000 individuals and complete bank routing information of 45,000 individuals.
The hackers also claim to have accessed life insurance policies, contracts, and associated attachments. These include passports and scanned documents of public officials or their immediate relatives.
Date of attack: October 2023
Location: US
American Family Insurance has confirmed that it has suffered a cyberattack, prompting it to shut off parts of its IT systems to prevent the spread of the data breach.
“This week, the technology teams at American Family Insurance detected unusual activity in a portion of our network,” a spokesperson from the insurer told this news outlet. “We quickly took precautionary measures to protect data and resources and shut down several business systems.
“We recognize the system outages are impacting customers, agents, and employees, and we appreciate their patience and understanding.”
The company said it hasn’t detected any compromises to “critical business, customer data processing, or storage systems,” with many of its business units able to continue without interruption. The firm added that an investigation into the cyberattack has been ongoing.
IT outages at the company have affected its phone and online services. Policyholders have reported being unable to file claims or pay bills online. Clients trying to access online services have been instructed to contact the company via phone instead.
American Family hopes to conclude its investigation and bring its systems back online soon.
Date of attack: September 22, 2023
Location: Philippines
The Philippine Health Insurance Corp. (PhilHealth), which operates the country’s National Health Insurance Program, was hit with Medusa ransomware, with hackers demanding $300,000 in exchange for the stolen data.
This prompted the agency to disable or unplug its systems, including its website and member portal, as part of cybersecurity containment measures. On September 29, the country’s Department of Information and Communications Technology announced that it has started restoring stolen data and determining the origin of the cyberattack.
The government-owned health insurer has yet to disclose what information was stolen.
Lawsuit filed: September 22, 2023
Date of attack: May 31, 2023
Location: US
Medicaid managed-care non-profit CareSource has been slapped with a multi-million-dollar lawsuit for a data breach that struck one of its vendors last May 31.
Victims are seeking more than $9.9 million in damages, claiming the Ohio-based insurer didn’t have adequate cybersecurity measures in place, which caused more than three million customers to have their personal data compromised.
One of CareSource’s software vendors, MOVEit, fell victim to a cyberattack, with the hackers stealing private identification and health information, among others.
The lawsuit accused the insurer of violating health privacy laws by failing to protect personal health information and failing to follow industry standards for cybersecurity. CareSource has yet to file a response in court.
Date of attack: Undisclosed
Date reported: July 7, 2023
Location: US
Major insurer American National Insurance Company has confirmed that one of its vendors, Progress Software, has fallen victim to a data breach impacting thousands of its customers. A cyber crime report from this website reveals that the insurer was targeted by hackers exploiting the MOVEit vulnerability and became aware of the incident on July 7.
The report added that compromised data might vary depending on the individual, but could include a customer’s name, Social Security number, address, financial account information, and medical information.
A notice filed on August 7 with the Texas Attorney General has disclosed that around 35,550 Texans were affected. This, however, provides limited information about the incident. The notice also showed that impacted individuals would be notified by the insurer through US mail.
Date of attack: June 13, 2023
Location: Malaysia
Prudential Malaysia confirmed in a statement that two of its subsidiaries were among the victims of the MOVEit data breach, which affected businesses across the globe. The affected companies were Prudential Assurance Malaysia Berhad (PAMB) and Prudential BSN Takaful Berhad (PruBSN).
MOVEit Transfer is a secure managed file transfer (MFT) software that enables the exchange of data between applications, servers, systems, and users within and between different businesses. The firm said the hackers exploited a zero-day vulnerability to commit the data theft.
Prudential Malaysia added that they took the necessary cybersecurity measures and notified the authorities once the data breach was discovered. According to the insurer, among the information “very likely” to have been compromised included:
Date of attack: June 2023
Location: US
Canadian insurance giant Sun Life has disclosed that personal data belonging to some of its US clients has been compromised as part of a global cyberattack in June involving the MOVEit file transfer software.
While the insurer doesn’t use the software for its systems, one of its third-party vendors, Pension Benefit Information (PBI), uses the platform to transfer files internally and between parties. According to Sun Life, it shares certain information with PBI to support business operations, including timely payouts of life insurance and related benefits.
The hackers were able to access several types of personal data, including:
Sun Life, however, maintained that no financial information – such as premium and account values – claims and medical data, and policy documents were exposed.
Date of attack: May 29-30, 2023
Location: US
Prudential Insurance has confirmed that one of its vendors has fallen victim to the MOVEit data breach, which has stolen sensitive information from businesses across the globe. The affected vendor, Pension Benefit Information (PBI), provides regulatory compliance and operational support services to insurers, pension funds, and other businesses.
In a notification document filed on July 31, the insurance giant reported that 320,840 customers were impacted. The compromised data included names, addresses, dates of birth, phone numbers, and Social Security numbers. The breach was discovered on June 27.
Date of attack: May 29-30, 2023
Location: US
Another client of PBI, New York Life Insurance Company (NYLIC), confirmed a massive data breach through the third-party vendor. The insurer joins the growing list of victims of the MOVEit cyberattack.
In its notification document filed on August 11, NYLIC revealed that 25,685 clients were affected by the incident. Among the data stolen were customers’ Social Security numbers. The data breach was discovered on June 6.
Date of attack: May 29, 2023
Location: US
US insurance giant Genworth Financial revealed that it has fallen victim to a massive data breach, impacting millions of its policyholders.
In a notification letter dated June 26, the insurer disclosed that between 2.5 million and 2.7 million individuals “who are either customers or insurance agents” had their personal information accessed by hackers. The cyberattack was discovered on June 16.
“On June 16, 2023, PBI advised Genworth that specific Genworth files containing policyholder and agent information were compromised due to a security event that took advantage of a vulnerability identified in the widely used MOVEit file transfer software that PBI uses,” Genworth said in a separate statement.
PBI is a third-party vendor used by Genworth in scanning social security data to determine whether a policyholder may have died and triggered death benefits under a life insurance policy or annuity contract. The firm also helps the insurer identify deaths across other lines of insurance, as well as insurance agents to whom commissions are paid.
According to Genworth, among the exposed policyholder information are:
For insurance agents, compromised data includes
The insurer confirmed that its own information systems were not impacted as the company doesn’t use the compromised software. Affected individuals, meanwhile, received credit monitoring services and identity theft protection.
Date of attack: May 18, 2023
Location: US
Progressive Casualty Insurance Company reported that one of its third-party vendors has fallen victim to a data breach that impacted about 347,000 customers. In a notification document filed on August 1, the Ohio-based insurance giant confirmed that the following information has been compromised:
According to the document, the data breach occurred on May 18 and was discovered the next day. Data breach class action litigation specialist Federman & Sherwood has been tasked to investigate the matter.
Date of attack: February 26 to March 7, 2023
Location: US
Florida-based dental health insurer MCNA Insurance Company told regulators that personal health information of nearly nine million patients was compromised in a cyber incident discovered in March. In a data breach notification letter filed with the Maine state attorney general's office dated May 26, the firm said that it detected unauthorized access to its systems on March 6, with some found to be infected with malicious code.
The insurer listed more than 100 organizations affected by the cyberattack, including:
According to MCNA, the hackers were successful in accessing patient personal information, including:
While the health data compromised includes insurance information such as:
The information covered parents, guardians, and guarantors who paid the bill. MCNA provides dental and orthodontic care policies to members of certain state Medicaid agencies and the Children's Health Insurance Program (CHIP).
Managed Care of North America (MCNA) Dental has published a #databreach notification on its website, informing almost 9 million patients that their personal data were compromised. @billtoulas @BleepinComputer https://t.co/TyMubL7QCx
— DevaOnBreaches (@DevaOnBreaches) May 30, 2023
Date of attack: April 2023
Location: Germany
A cyberattack in late April 2023 prompted Bitmarck – a major IT service provider for Germany’s statutory health insurance system – to take all its customer and internal systems offline. The move affected many of the company’s clients, particularly those who rely on Bitmarck to issue their electronic sickness certificates, which are used in the country to pay employees’ leave.
Bitmarck did not reveal the nature of the attack but announced that patient data was not “endangered.” The company added that it would bring back systems online in a “cautious manner” to mitigate the cyber incident’s impact and risk to clients.
The cyberattack follows another incident in January, in which personal data – including names, dates of birth, and insurance card ID numbers – belonging to more than 300,000 policyholders were stolen.
Date of attack: April 2023
Location: US
In mid-April 2023, the second-largest health insurer in Massachusetts suffered major technical outages resulting from a ransomware attack. The incident brought down the company’s systems that it uses to service members and providers, resulting in some members having difficulty contacting their insurers.
The members who were affected by the cyberattack were mostly those covered under the Harvard Pilgrim Health Care’s commercial plans and New Hampshire Medicare plans. Members under the Tufts Health Plan were not impacted.
Point32Health, the parent company of Harvard Pilgrim Health Care and Tufts Health Plan, suffered a ransomware attack on April 17. - https://t.co/6IfIF1PqlI
— HealthITSecurity (@SecurityHIT) April 20, 2023
Date of attack: April 2023
Location: India
Some insiders have confirmed that the Insurance Information Bureau of India (IIB) fell victim to a cyberattack, which compromised “some data.” Information regarding the type of data stolen and other details of the breach, other than that “it is being addressed at the highest level,” was scant.
IIB is the industry’s regulatory body in the country. The organization’s latest figures show that India’s insurance sector includes 57 insurers – 24 in the life insurance sector and 33 non-life carriers. These include major brands Aviva Life, Bajaj Allianz, Bharti AXA, Cigna TTK, Future Generali, Tata AIA Life, and TATA AIG.
Date of attack: March 2023
Location: Australia and New Zealand
A record 14 million customer records were stolen in a cyberattack targeting financial services giant Latitude Financial, the company revealed in March 2023. The figure was far worse than the firm initially reported and included the following:
According to New Zealand’s Office of the Privacy Commissioner, about 13% of the 7.9 million customers whose driver’s licence numbers were compromised were from the country, which was equivalent to 20% of its entire population. This makes the data breach the largest ever recorded in New Zealand when it comes to the number of affected individuals.
There were also questions on why Latitude was holding on to that much data from former clients, which the company admitted dated back to 2005. The firm claims to handle only about 2.8 million customer accounts, according to its website.
Latitude first disclosed the cyberattack mid-March, saying that the breach only affected about 100,000 identification documents and 225,000 customer records. The company offers a variety of credit options, including credit cards, personal and car loans, and insurance.
Date of attack: March 2023
Location: UK
The fallout from a March cyberattack on UK-based IT services provider Capita has continued, with sources claiming that the incident affected up to 350 pension funds. Personal data belonging to millions of retirement savers might have been compromised, which would make the cyberattack the largest-ever in the country’s history.
The Universities Superannuation Scheme (USS), the largest private pension pot in the UK, was among those affected. It claimed that about 470,000 of its members had their personal information – including names, dates of birth, and National Insurance numbers – stolen through Capita’s software.
According to Capita, the hack started “on or around” March 22 and was intercepted on March 31. In April, Russian-speaking cyber crime group Black Basta claimed responsibility for the data breach. The gang later posted passports, addresses, and bank account details that it claimed it stole from Capita’s servers. Capita, however, did not confirm the authenticity of the documents.
Capita is also one of the largest IT services providers of the National Health Service (NHS) – the UK’s public healthcare system.
Capita has published an update on its cyber attack. Data was taken from less than 0.1% of its servers. The hack will cost the business up to £20m pic.twitter.com/f1DwAdjWEK
— Katie Prescott (@kprescott) May 10, 2023
Date of attack: January 2023
Location: US
In April 2023, Florida-based healthcare benefits provider NationsBenefits disclosed that thousands of its members had their personal information compromised in a late-January ransomware attack targeting Fortra’s GoAnywhere platform, a file-transfer software that the firm was using.
According to news reports, ransomware gang Clop claimed responsibility for the attack, saying it took advantage of a previously unknown vulnerability to raid several GoAnywhere customers. The group added that it stole sensitive data from over a hundred organizations.
In a notification to affected clients, NationsBenefits said that the data breach involved key personal data, including:
NationsBenefits provides health insurance policyholders a range of supplemental benefits, including vision and hearing care, and over-the-counter medication. The firm has more than 20 million members across the US. It is a third-party vendor for health insurance giant Aetna, although it was unclear if Aetna members were affected by the attack.
Date of attack: December 12, 2022 to January 17, 2023
Location: US, Canada
In a notification document filed on August 11, global insurance brokerage HUB International confirmed that it has fallen victim to a data breach that started at the end of 2022 and lasted until the beginning of the year. The incident was discovered on July 27.
The firm’s investigation found that an unknown individual accessed certain portions of its network and copied files without authorization. The cyberattack has affected 479,261 clients, as well as former and current staff mostly in the US, with a “limited” impact on Canada.
Among the information compromised are financial account numbers and credit/debit card numbers, which include security codes, access codes, passwords, and PINs.
The sheer volume of personal and financial data that insurance companies possess makes them an attractive target for cyber crime groups. This was what the International Association of Insurance Supervisors (IAIS) revealed in their cyber risk paper.
According to the group, the type of data – which includes personally identifiable information (PII) – that insurers collect, process, and store in substantial amounts makes these companies especially vulnerable to cyberattacks. Cybercriminals are also salivating over the fact that insurance companies have rich connections with various financial institutions through investments, debt issuance, and capital raising.
A separate cyber crime report by the cybersecurity specialist Black Kite also indicated how insurance companies “can’t afford down time.” Because of this, hackers believe that insurers are more likely to pay ransom. The report added, however, that not all cyberattacks are targeted. There are times when cybercriminals just release malware, hoping to pounce on unwitting victims.
In its latest cyber threat landscape report, the cyber intelligence platform IntSights identified the top five threats facing the insurance industry. These are:
Cyber insurance has become a popular risk management tool among businesses, especially with digital transformation giving rise to constantly evolving cyber threats. And as the frequency and severity of cyberattacks intensify, cyber insurers play a key role in keeping businesses protected.
Data breaches cost companies across the world a combined $4.35 million, according to IBM’s latest report. The figure is a 2.6% increase from the previous year. In the US, however, the cost is more than twice the global average at $9.44 million. This is the 12th consecutive year that the country has incurred the highest cost in the annual report. In terms of industry, the healthcare sector is hit the hardest, incurring a combined global average of $10.1 million.
Given the current threat environment, it is only a matter of time before your business falls victim to a major cyberattack. The situation stresses the need for your organization to know what steps to take when cybercriminals strike as your survival depends on how effective your cyber response strategies are.
Cyber insurance is a type of policy designed to cover financial losses incurred due to a cyberattack. It offers two types of protection:
Businesses should be mindful of the several factors influencing the cost of coverage before purchasing cyber insurance. These include:
Businesses in all industries are at risk of being targeted by cyber criminals, but some sectors are more vulnerable than others. Here are the industries that cyber crime reports identify as most vulnerable because of the type and amount of data they collect and manage.
Cybersecurity experts warn that cybercriminals often do not discriminate based on a business’ size. And with digital transformation happening at such a rapid rate, new and potentially more damaging cyber risks are more likely to emerge. This highlights the importance of having the right form of protection, more so for companies that handle sensitive data.
But these experts also remind businesses that it is not advisable to rely solely on cyber insurance to bail them out when cybercriminals strike. To remain insurable, your business needs to do its part and take robust measures to protect against cyber threats.