Is Your Healthcare Organization Following These Four Ransomware Best Practices?

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

Healthcare is the most targeted sector for data breaches and ransomware attacks were responsible for almost 50% of all healthcare data breaches in 2020, according to the US Department of Health and Human Services Cyber Security Program 2021 Forecast.

While ransomware has been a favorite among attackers for years now, the rate continues to rise each year. The ransomware industry has displayed resilience and determination. Hacktivists and nation state actors are drawn to the disruption it can cause. Cybercriminals are drawn to the profits it can bring in, especially for public health records which can sell for up to $1,000 each on the dark web. In a survey of healthcare IT workers by SOPHOS earlier this year, a third reported they had been hit by ransomware attacks. The bill paid by healthcare providers for a ransomware attack is staggering. The average cost – including the ransom, people time, downtime, equipment, and other impacts on business operations – is $1.27 million.

We can make some assumptions about factors that are causing the steady increase in ransomware attacks: the emergence of “ransomware-as-a-service” platforms; the rapid inflation of cryptocurrency prices is a boon to attackers as bitcoin is used for most ransom payments; healthcare facilities have been overburdened and distracted by the COVID-19 pandemic; tensions between countries has spurred a rise in cyber warfare and criminals internationally.

We have seen ransomware strains come and go just for new and improved versions to take their place. A major evolution in tactics observed over the past year is ransomware being used not only to encrypt the data but also to exfiltrate and hold it for ransom under the threat of leaking the information to the public. An example of this is the breach at Vastaamo, a major Finnish psychotherapy clinic reported in October 2020. Patient files and therapy session notes were compromised, encrypted, and exfiltrated. Even after Vastaamo paid the ransom, the attackers shifted to contacting the patients directly and threatened to release their sensitive therapy data if they did not pay an additional ransom. Therapy session notes and personal data of many patients were leaked…