RxInformer editors sat down with Healthesystems’ AVP of Information Security and resident cybersecurity expert, Tony Brown, to discuss how cyber threats affect workers’ comp organizations.
In the first five months of 2024 alone, healthcare data breaches affected 32 million U.S. patients.[1] And as of 2023, healthcare reported the most expensive data breaches of any industry, at an average cost of $10.93 million.[2]
Hackers often target healthcare organizations because they store sensitive information, which is valuable on the black market. But data breaches are just the tip of the iceberg when it comes to cyberattacks. Common threats facing organizations today include malware, denial-of-service attacks, phishing, and more.
We spoke with Tony Brown, AVP, Information Security for Healthesystems, about the cyber threats affecting the workers’ compensation industry and how to mitigate them.
The biggest threats to workers’ comp organizations are data breaches. With this threat, hackers target the personal data of injured workers and either hold it for ransom payments or conduct identity theft. Healthcare data breaches have increased over the years. In 2023, there were over 3,200 reported data breaches in the United States – of which more than 800 occurred in the healthcare industry alone.[3] This number is made even more significant when you consider that the average cost of a healthcare data breach in 2023 was nearly $11 million.[4]
The most common types of cyberattacks are phishing attacks where a hacker attempts to collect information from an unsuspecting individual. These attacks fall under the umbrella of social engineering, where criminals use psychological tactics to manipulate people into giving out sensitive information. Phishing can come in multiple formats, such as:
The latter is extremely effective in bypassing improperly deployed security controls and network policies by targeting unsuspecting healthcare workers and having them unknowingly install ransomware – malicious software that prevents users from accessing systems or files – through a false link or file. Ransomware attacks have significantly impacted the healthcare industry, costing over $77 billion in downtime since 2016.[5]
It comes down to value. For instance, the value of a single healthcare record is 10 to 40 times more than the value of a credit card number.[6] Depending on the type of information it contains, the value of a single health record could be as much as $1,000.[7] To a hacker, this amount of money is considered too much to pass up – which is why the healthcare industry as a whole is the most targeted industry in the world. Coupled with the fact that the healthcare industry is considered to be lagging in the effective application of cybersecurity tools, this creates a favorable environment for hackers to exploit.
The most significant impact to the injured worker is the possibility of identity theft. This is where hackers use the injured worker’s stolen data to create fake personas in order to conduct fraudulent financial activity or even file fake workers’ comp claims. In either case, the underlying goal for a hacker is to use the information to make as much money as possible before they are caught.
It’s a combination of multiple factors. These may include:
First, and most importantly, all organizations within the workers’ comp supply chain must be willing to increase their investment in cybersecurity. This is not just a financial investment in security tools and resources, but also an investment in their personnel and organizational security culture. They must be willing to acquire the best security tools necessary to protect their data and to invest in their cybersecurity personnel by providing them with the best training possible to effectively implement these security tools. With that being said, organizations must not rely on security tools alone.
They need to establish and nurture a cybersecurity culture that permeates throughout the entire organization. This culture would allow employees at all levels to fully understand their role in maintaining a viable cybersecurity posture that enables them to be truly invested in protecting the data and resources under their control. This is accomplished by creating and actively maintaining a security training program that promotes continuous cybersecurity awareness and educational opportunities for all employees.
It is vitally important that every employee understands the role they play in protecting a company’s information security. This is made especially clear by social engineering attacks such as the one against MGM Resorts and Caesars Entertainment in 2023. A threat group sent messages to targeted employees claiming they needed to reauthenticate their identities or update account information.[8] The group then installed multiple versions of remote monitoring and management tools.
Education plays an important role in helping to prevent situations like this, which cost MGM $100 million as they worked to restore their systems.[9] A relatively small investment in organizational cyber education can go a long way in helping to mitigate costly cyberattacks like this one.