Health-data breaches are a “huge risk” for insurers

Published: December 13, 2016

Updated: July 24, 2018

Author: Luke Jones



Cyber-attacks are increasing and hackers perpetrating data breaches on personal and health-related information present a “huge risk for those in the insurance industry”. That’s according to Kevvie Fowler, national leader of cyber response for KPMG in Canada. At and industry event, Fowler said the long shelf-life of health-related date is a factor, with data kept as long an individual stays alive.

Fowler was speaking as part of a panel discussion at KPMG’s 25th Annual Insurance Issues Conference in Toronto.

Addressing the longevity of health-related date, he said the shelf-life is “Hopefully, infinite, but in reality, as long as the individual who owns the record stays alive,” Fowler told attendees, estimating that would likely be “40 or 50 years on average.”

“medical and insurance information, personally identifiable information, usernames, passwords, anything along those lines,” Fowler said.

“A lot of people in the insurance industry have” all three types of information, he pointed out. And the shelf life of personal and health-related information dwarfs that of other information types, expected to be “a few weeks or a few months tops” before the breach is discovered and records cancelled.

Cyber criminals want data with a long life and they are often “breaking into the banks, they’re walking right by the financial data and they’re downloading personal and health-related information.”

“That’s a massive issue now for organizations,” including those in the insurance industry, Fowler said. These attacks can, for example, mean people are unable to get on a company website, make policy changes or apply for policies, he noted.

“It really brings organizations down to a screeching halt,” Fowler told attendees.