Ransomware rapidly is becoming the weapon of choice for cybercriminals targeting healthcare businesses. Per research shared in a recent Information Management article, healthcare organizations reported an 89% year-over-year increase in ransomware attacks, with smaller healthcare firms bearing the brunt of the onslaught.
Why are small healthcare companies such enticing targets for cybercrooks? Because “most don’t have adequate financial or technical resources to defend themselves” columnist Marcus Chung theorizes in the IM piece. Plus, Chung blames a few other factors:
- Less complexity, lower risk than other cybercrimes – When hackers steal valuable patient records from a healthcare provider or payor, the culprits must find buyers for the data on the open market of the dark web, which Chung calls a “tricky” and risky proposition. After a successful ransomware incursion, perpetrators in essence are selling the victimized company’s stolen property back to it, which Chung says “improves the odds of getting paid quickly and quietly.”
- Availability of cryptocurrencies – Paying ransom in real world requires delivering bundles of cash (which can be marked) or executing wire transfers (which can be traced.) But in the cyber realm anyone can establish a cryptocurrency account (called a wallet) in minutes. “With cryptocurrency,” Chung explains, “Neither the wallet nor the resulting transactions can be easily connected to any real-world identities.”
- Accessible as a service – Developing malware in the past typically required significant coding skills. Today, illicit technology vendors sell “ransomware-as-a-service” kits at relatively low prices through illegitimate virtual markets. Some of these vendors even offer customer support for buyers.
Our readers know we’ve been tracking the rise of ransomware for several years, providing insight into disturbing trends as demonstrated by our recent post about the attack on the Professional Golf Association (PGA). Readers also know we’ve run series of articles customized for healthcare organizations, such as last fall’s piece about budgeting for data breaches. So, given the troubling intersection between ransomware assaults and healthcare businesses, we felt reiterating sage advice was in order. Here are some tips for fortifying against ransomware that we gleaned last year from IM’s sister publication HealthData Management:
- Increase the frequency of complete system backups; no one knows the day or the hour of an attack.
- Include ransomware in general planning for data breaches, with specifics for incident response.
- Check email security protocols for systems and networks more often than you did in the past.
- Know that comprised patient health information (PHI) means engaging HIPAA data breach procedures.
- Launch a ransomware-focused employee education program:
- Focus on email, the main channel for attacks.
- Provide samples of ransom popups and messages.
- Show warning signs, such as missing file extensions or odd ones like “.crypted” or “.cryptor”.
- Consider restricting peer-to-peer file sharing on networks, a common way ransomware spreads.
- Teach that, when a device is attacked, disconnect from the internet and turn it off.
IT Managed Service Providers (MSPs) that specialize in healthcare firms can secure access points into protected health information and medical devices from ransomware, as well as general business systems. But does your MSP have the stuff of a healthcare cybersecurity guru? Read our recent post to find out.