Ransomware payment debate resurfaces amid Change Healthcare incident

/in


A hotly debated flashpoint in the cybersecurity community is getting renewed attention as healthcare stakeholders work to rebound from a major ransomware attack that’s roiled the U.S. health insurance market over the past month.

The Feb. 21 Change Healthcare ransomware attack carried out by the ALPHV/Blackcat hacking gang has delayed prescription fillings and led to cash crunches at clinics and other facilities. The American Healthcare Association said that 94% of hospitals are signaling financial impact due to the incident, with some providers losing upwards of $1 billion per day in revenues.

Change Healthcare reportedly made a $22 million ransom payment to the hackers. Soon after, the cybercrime collective appeared to stage a fake takedown of their own site. But analysts expect the group to reemerge under a new name.

The U.S. over the past year has been working with international partners to take a firm stance against ransom payments, though surveyed experts have not agreed on a single policy.

Some cyber industry leaders say that paying ransoms should be banned because it emboldens cybercriminals and helps fund more illicit activities, and that, in some cases, paying a ransom does not necessarily guarantee that compromised data will be returned.

Others argue that total bans put too much pressure on victims, and that sometimes payments need to be made in order to recover vital systems, like those seen in hospitals and critical infrastructure.

In a briefing with reporters Monday, the Department of Health and Human Services said it has not yet taken an official position on whether ransom payments should be banned, and later told Nextgov/FCW it would defer to the National Security Council and FBI on the matter.

The White House is maintaining its previously established position that ransoms should not be paid because payment incentivizes cybercriminals to conduct more ransomware attacks.

The Biden administration “strongly discourages paying of ransoms, to stop the flow of funds to these criminals and disincentivize their attacks,” Anne Neuberger, deputy national security advisor for cyber and emerging technology at NSC said in a statement to Nextgov/FCW.    

The FBI declined to…

Source…