Topic: The Cyberwar Against Health Care Practices

While physicians worked to keep their practices financially afloat and dealt with the coronavirus disease 2019 (COVID-19) pandemic, hackers kept busy too.

From January 2020 to October 2020, there were 730 publicly disclosed security breaches with more than 22 billion records exposed.1 Health care made up 25% of those breaches with nearly 8 million records exposed. Ransomware was by far the most popular attack method in 2020, making up 46% of the breaches.1

“The success that cybercriminals had in 2020 extorting sizable payouts from medical practices of all sizes ensures that ransomware will indeed remain the top cybersecurity threat in 2021,” says Dave Martin, vice president of extended detection and response at cybersecurity firm Open Systems. “Ransoms like the $670,000 paid by University Hospital [in] New Jersey last September only encourage further attacks. And while larger institutions can clearly pay bigger ransoms, cybercriminals do not overlook smaller practices, which can be tempting targets of opportunity—particularly those with lax security.”

With health care workers focused on the pandemic response, experts say hackers are taking advantage and ramping up their attacks, so it is vital that practices of all sizes be more vigilant than ever about cybersecurity. Ransomware—malware that encrypts a practice’s data and demands a fee to unlock the encryption—is entering a new phase that makes a security breach even more costly, says Gary Salman, CEO of Black Talon Security, LLC, a cyber defense firm for medical professionals.

“Now doctors are seeing 2 ransom notes,” Salman says. “The first ransom note says, ‘I’ve locked all your data; if you want [them] back, pay me $50,000.’ The second note says, ‘And by the way, maybe you have a good backup, but guess what. I have all your data and if you don’t pay me an additional $50,000, I’m going to publish all your data.’” Salman says sites on the dark web are run by these threat groups, and data from doctors’ offices show patient information, including photographs, health history forms, and other private details.

Many of these hacker groups operate as businesses and can be very sophisticated, says Matt Ferrante, market leader of Cyber and Information Security Services at the advisory and accounting firm Withum. “They sometimes know exactly what your cyber insurance policy is, and they know what’s going to potentially be covered under the policy,” Ferrante says. “And if they don’t know, they’ve often already done the intelligence on your business, and they know what it’s worth.”

What to Do if Hit With Ransomware

If a practice experiences a ransomware attack, Matt Reid, senior health information technology (IT) consultant with the American Medical Association, says to take 2 actions immediately: Contact the FBI and the practice’s IT vendor. “Federal agencies have resources that can support medical practices during a ransomware attack—and that’s clearly an important component—but also work with your health IT vendor or internal IT support staff to try to partition off the segment of the network that has ransomware as fast as possible,” Reid advises.

Martin says that all compromised devices, including desktop PCs, laptops, and smartphones should be disconnected from the network by unplugging ethernet cables, disabling Wi-Fi networks, and switching to airplane mode.

If a practice has cyber insurance, Ferrante recommends contacting the provider and ensuring all requirements are met. This may involve an assessment of the attack. “If it’s not independently assessed, it may not be covered under the cyber insurance policy,” he says.

Topic Discussed: The Cyberwar Against Health Care Practices

Read Original Article