Cybersecurity Threats Facing Cannabis and Other Healthcare Businesses [With Solutions]

By: Eric McLaughlin, AAI

Eric McLaughlin brings considerable experience in commercial insurance to the C&S team, specializing in coverage needs and risk management for post-acute healthcare facilities, transportation incl…

Cybercrime threatens every industry, and the cannabis and healthcare industries are no exceptions. Hospital cyber attacks are on the rise, and unfortunately, it’s predicted that healthcare breaches will increase 10-15% in the next year. Top cybersecurity threats include sophisticated phishing, evolving ransomware, state-sponsored attacks, and vulnerabilities in smart medical devices and electronic medical records. It’s vital that hospitals and cannabis companies take cybersecurity seriously and take measures to secure their networks.

Threats to Cannabis and Healthcare
Examples of Cannabis Cyber Attacks
Healthcare Breach Examples
Cost of Cyber-Insecurity to Cannabis and Healthcare
Protect Your Business
Why C&S?

Threats to Cannabis and Healthcare

The healthcare industry has been around for decades but is evolving to keep up with evolving maladies and other societal changes, like the rise of technology. As records, medical notes, and other client information move to digital, the risk of cyber threats is more frequent and dangerous.

According to MedCity News, healthcare data breaches spiked 55% from 2019 to 2020. This number is expected to continue to rise as telehealth, electronic records, and remote or hybrid workforces become the norm. Healthcare cybersecurity must go further than just HIPAA and also protect from malware, phishing attacks, ransomware, and other serious attacks.

Attacks often target the cannabis industry partly since it’s so new. Newer businesses are less likely to have cyber protection and defense strategies. Also, since most cannabis companies are small, they are less likely to have a dedicated IT person or staff. There is an extra risk of cannabis companies losing customer trust if a cyber attack occurs because, even though medical cannabis has bettered the lives of many patients, there is still a stigma around the use of cannabis.

Examples of Cannabis Cyber Attacks

In December of 2020, Aurora Cannabis, a large medical cannabis producer in Canada, was targeted by a cyber attack. An unknown number of the company’s current and former employees had their personal data leaked, including credit card and banking information, addresses, and identification. According to Aurora, client data wasn’t compromised, and they are working with authorities and security experts to contain the breach and protect against further attacks.

Cybercriminals attack vulnerabilities in a system, which can be a result of employee ignorance, gaps in cloud servers, weak passwords, unsecured networks and so much more. Sometimes, it’s not even a company that gets attacked, but one of its vendors, such as a customer relationship management (CRM) or point of sale (POS) vendor. In early 2020, it was reported that 30,000 customers from several U.S. marijuana dispensaries were impacted by a data breach connected to a software company.

Healthcare Breach Examples

According to HIPAA Journal there were 28,756,445 healthcare records breached in 2020. The cyber attack victims included Trinity Health; MEDNAX Services, Inc.; Innova Health System; Magellan Health Inc.; and Dental Care Alliance. Many of these were as a result from a breach from the cloud service provider Blackbaud Inc. Hackers ransomed customer information and threatened to release it publicly if not paid. Ultimately, Blackbaud did pay, and the hackers claimed to have deleted the data, but there’s no way to verify.

Cyber attacks on healthcare companies have continued to rise over the recent years. Healthcare information is such a big target since it may contain valuable social security numbers, Medicare and Medicaid IDs, health insurance information and medical history, and more. The biggest healthcare cyber attack to date was on Anthem Blue Cross in 2015 and affected 78.8 million people. Most of these were Anthem members, but since Anthem manages paperwork for independent insurance companies as well, non-members were also affected.

Cost of Cyber-Insecurity to Cannabis and Healthcare

Cybercrime is a growing concern in the cannabis and healthcare industry and must be taken seriously. In fact, global cybercrime damages are expected to cost up to $10.5 billion every year by 2025. It’s important for cannabis and healthcare companies to have IT teams and policies put in place.

Protect Your Business

Every business is at risk of a cyber attack and should take precautionary measures to protect their data, employees, and clients.

Multi-factor authentication (MFA): Empower employees to stay protected from cyber attacks and protect personal information with MFA. With MFA, users are asked to provide at least two verifications of identification.

Education and training: The first step in preventing cybercrime is educating and training your workforce to be aware of vulnerabilities and to implement best practices.

Preventative measures: Businesses can perform regular security audits and updates, install malware and virus protection, and set up email spam filters. It’s recommended that businesses hire at least one cybersecurity professional or build an IT team that focuses on cybersecurity.

Cyber insurance: Every business should also invest in cyber insurance. Cyber insurance, or cyber liability insurance, covers a business’s financial liability for damages resulting from data breaches. Cyber insurance is designed to cover the costs of security failures, which can involve data recovery, legal defense, and making reparations to customers. Data can range from clients’ personal information to corporate IP and trade secrets.

Insurance companies require that businesses test employees on cyber attack tactics such as phishing, malware, and ransomware. The insurance policies that C&S provides come with risk mitigation software that can test your employees and keep your business safe.

Why C&S?

  • Industry knowledge – With over 50 years of experience, our experts have the experience and connections to get you the best rates.
  • Specialized team members – We have dedicated cannabis and healthcare insurance experts to help you navigate the insurance field.
  • Top-tier carrier relationships – We’re able to offer the industry’s most competitive rates.
  • Responsive, efficient service – As a local, neighborhood agency, we believe in the importance of knowing our clients’ names and putting and going out of our way put your first.
  • Local Experience – With four Massachusetts offices, our experts are always here to deliver exceptional service, at the industry’s most competitive rates.

Contact us today to get a cyber insurance quote and protect your business, employees, and customers.

Is Your Insurance Company Working Hard Enough for You?

A good insurance company does more than just sign you up and forget your name. Unfortunately, that’s exactly what you get with many of the big-name companies. Discover the value of a local, independent agent, who can save you money AND go to work for you on needs like Massachusetts RMV services.

See What You're Missing