Ransomware is rapidly becoming the weapon of choice for cybercriminals targeting healthcare businesses. Per research shared in a recent Information Management article, healthcare organizations reported an 89% year-over-year increase in ransomware attacks, with smaller healthcare firms bearing the brunt of the onslaught.

Why are small healthcare companies such enticing targets for cybercrooks? Because “most don’t have adequate financial or technical resources to defend themselves,” columnist Marcus Chung theorizes in the IM piece. Plus, Chung blames a few other factors:
- Less complexity, lower risk than other cybercrimes – When hackers steal valuable patient records from a healthcare provider or payor, the culprits must find buyers for the data on the open market of the dark web, which Chung calls a “tricky” and risky proposition. After a successful ransomware incursion, perpetrators in essence are selling the victimized company’s stolen property back to it, which Chung says “improves the odds of getting paid quickly and quietly.”
- Availability of cryptocurrencies – Paying ransom in the real world requires delivering bundles of cash (which can be marked) or executing wire transfers (which can be traced). But in the cyber realm anyone can establish a cryptocurrency account (called a wallet) in minutes. “With cryptocurrency,” Chung explains, “neither the wallet nor the resulting transactions can be easily connected to any real-world identities.”
- Accessible as a service – Developing malware in the past typically required significant coding skills. Today, illicit technology vendors sell “ransomware-as-a-service” kits at relatively low prices through illegitimate virtual markets. Some of these vendors even offer customer support for buyers.
Our readers know we’ve been tracking the rise of ransomware for several years, providing insight into disturbing trends, as demonstrated by our recent post about the attack on the Professional Golf Association (PGA). Readers also know we’ve run a series of articles customized for healthcare organizations, such as last fall’s piece about budgeting for data breaches. So, given the troubling intersection between ransomware assaults and healthcare businesses, we felt reiterating sage advice was in order. Here are some tips for fortifying against ransomware that we gleaned last year from IM’s sister publication HealthData Management:
- Increase the frequency of complete system backups; no one knows the day or the hour of an attack.
- Include ransomware in general planning for data breaches, with specifics for incident response.
- Check email security protocols for systems and networks more often than you did in the past.
- Know that compromised patient health information (PHI) means engaging HIPAA data breach procedures.
- Launch a ransomware-focused employee education program:
  - Focus on email, the main channel for attacks.
  - Provide samples of ransom popups and messages.
  - Show warning signs, such as missing file extensions or odd ones like “.crypted” or “.cryptor”.
  - Consider restricting peer-to-peer file sharing on networks, a common way ransomware spreads.
  - Teach that, when a device is attacked, disconnect it from the internet and turn it off.
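The warning signs in the list above (odd extensions such as “.crypted” or “.cryptor”, files that suddenly lose their extension) are also something a file server or backup job can watch for on its own, rather than relying on an employee to notice. The script below is an added example written for this post; it is not code from the original article or from HealthData Management. It runs over a constructed sample of rename events of the kind a file-server audit log records, flags renames that match those warning signs, and raises a burst alert when several flagged renames land inside a short window, which is the footprint a mass-encryption run leaves behind. The extension lists, file paths and timestamps are all assumptions made up for the example.

```python
"""Added example (not from the original post): flag the ransomware warning
signs named in the tips, run over a constructed file-server rename log.

Each event is (ISO timestamp, old path, new path). A rename is flagged when
the new name carries one of the odd extensions the tips mention, or when a
file that had an extension loses it. A burst of flagged renames in a short
window is reported separately, since a single odd file is an oddity but a
dozen in a minute is an incident.
"""
from datetime import datetime, timedelta

# Extensions the tips call out. Assumption: a real deployment would extend
# this set from its own incident history; it is not an authoritative list.
SUSPICIOUS_EXTENSIONS = {".crypted", ".cryptor"}

# Constructed sample of rename events from a file-server audit log.
# Paths and timestamps are made up for the example, not real data.
SAMPLE_EVENTS = [
    ("2023-05-01T09:00:01", "/share/billing/q1.xlsx", "/share/billing/q1-final.xlsx"),
    ("2023-05-01T09:14:02", "/share/patients/intake.docx", "/share/patients/intake.docx.crypted"),
    ("2023-05-01T09:14:03", "/share/patients/labs.pdf", "/share/patients/labs.pdf.crypted"),
    ("2023-05-01T09:14:03", "/share/patients/notes.txt", "/share/patients/notes"),
    ("2023-05-01T09:14:05", "/share/imaging/scan01.dcm", "/share/imaging/scan01.cryptor"),
    ("2023-05-01T11:30:00", "/share/hr/policy.docx", "/share/hr/policy-v2.docx"),
]


def extension(path):
    """Return the lower-cased final extension of a path, or "" if it has none."""
    name = path.rsplit("/", 1)[-1]
    if "." not in name:
        return ""
    return "." + name.rsplit(".", 1)[-1].lower()


def classify_rename(old_path, new_path):
    """Return a short reason if the rename matches a warning sign, else None."""
    new_ext = extension(new_path)
    old_ext = extension(old_path)
    if new_ext in SUSPICIOUS_EXTENSIONS:
        return "suspicious extension " + new_ext
    if old_ext and not new_ext:
        return "extension removed"
    return None


def analyze(events, threshold=3, window_seconds=60):
    """Return (flagged, burst).

    flagged: sorted list of (timestamp, new path, reason) for suspicious renames.
    burst:   (count, first timestamp) of the largest group of flagged renames
             that fits inside `window_seconds` and has at least `threshold`
             members, or None if no such group exists.
    """
    flagged = []
    for ts, old, new in events:
        reason = classify_rename(old, new)
        if reason:
            flagged.append((datetime.fromisoformat(ts), new, reason))
    flagged.sort()

    window = timedelta(seconds=window_seconds)
    best = None
    start = 0
    for end in range(len(flagged)):
        # Slide the window start forward until it fits within window_seconds.
        while flagged[end][0] - flagged[start][0] > window:
            start += 1
        count = end - start + 1
        if count >= threshold and (best is None or count > best[0]):
            best = (count, flagged[start][0])
    return flagged, best


if __name__ == "__main__":
    flagged, burst = analyze(SAMPLE_EVENTS)
    for ts, path, reason in flagged:
        print(ts.isoformat(), path, reason)
    if burst:
        print("BURST: %d flagged renames within 60s starting %s" % (burst[0], burst[1].isoformat()))
```

The two thresholds (three flagged renames inside sixty seconds) are deliberately low so the sample triggers; a production deployment would tune them against the normal rename rate of its own shares and feed the burst alert into the incident-response plan the tips recommend, so that the affected host can be isolated and the most recent clean backup identified.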
IT Managed Service Providers (MSPs) that specialize in healthcare firms can secure access points into protected health information and medical devices from ransomware, as well as general business systems. But does your MSP have the stuff of a healthcare cybersecurity guru? Read our recent post to find out.