
Doxxing Raises the Stakes of Ransomware for Healthcare Providers

New ransomware attacks are evolving to be more dangerous and threatening.

In a very short time, ransomware has grown from a known but infrequent cyber attack to a profitable and widespread epidemic. Attacks are increasing in frequency and severity. On average, a new business is attacked every 40 seconds, and a disproportionately high number of victims are healthcare providers. In fact, research shows that healthcare providers were 4.5X more likely to be hit by Cryptowall ransomware than operators in other industries.

When attacks do happen, the damage can be devastating. The loss of access to patient records has resulted in critical services being suspended and in communications grinding to a halt. There have even been cases where entire hospitals have been crippled for days.

Perhaps the only consolation for victims has been the general consensus that ransomware does not constitute a data breach. Private files, encrypted and then restored, have not automatically triggered the same kind of disclosure and public notification that traditional data breaches have forced. Victims mainly restored their data internally from backups while some chose to pay the ransom.

Seeing this, attackers are changing their tactics, and, unfortunately, new ransomware attacks are evolving to be more dangerous and threatening. To increase the likelihood of payment, these new attacks promise more than just the threat of file encryption and data loss; they now also threaten the public release of captured sensitive and private data -- a practice known as doxxing.

There are already ransomware variants that are demonstrating this approach. First spotted in April 2016, Jigsaw ransomware not only encrypts a victim's data, but also threatens to send copies of those stolen files to all of the victim's contacts if the ransom is not paid. CryLocker is another ransomware variant spotted leveraging doxxing as a tactic last September.

For healthcare providers, adding doxxing to the extortion equation transforms ransomware from a critical service issue to a costly matter of HIPAA notification compliance and a case of public data breach, raising the stakes considerably. Organizations are required to report this kind of exposure of unsecured protected health information to the U.S. Department of Health and Human Services' Office for Civil Rights (OCR). In addition to potentially issuing a fine -- the largest issued to date totaled $4.8 million -- the OCR also publicly exposes all organizations experiencing breaches totaling 500 records or more.

This public exposure also puts patients at risk. Stolen medical records released publicly can quickly become fodder for a wide variety of fraudulent activity, from buying and reselling medical equipment or prescription drugs to filing false claims with insurers. Medical identity theft can be a painful and damaging logistical nightmare for patients, potentially ruining their credit and even endangering their lives. Victims experience the consequences of unpaid deductibles, corrupted medical histories, and even prosecution for fraud.

An Ounce of Prevention is Worth a Pound of Detection and Response

Having reliable backups of your files has always been cited as a best practice to defend against ransomware, but it's only effective when the threat is limited to the deletion or irreversible scrambling of critical data. When public exposure is on the table, restoration of the data through backup isn't relevant, since the information is available to hospitals, patients and criminals alike. A new best practice is required.

The increasingly immediate threat and fallout posed by ransomware have resulted in a necessary change of priorities when it comes to IT security. The emphasis has shifted from reactive detection and response to investment in proactive prevention, specifically against the earliest phases of the infection. Many healthcare organizations that are slow to respond to this shift may find themselves over-invested in monitoring, incident management and recovery while short-changing the actual target of most attacks -- the user system or endpoint.

Ransomware authors use a variety of tricks to bypass antivirus and other traditional security solutions to initially infect user endpoints and spread their attacks from there. Knowing that new malicious programs regularly bypass these pre-execution defenses, providers need to focus on developing additional last lines of defense that block malware at runtime and prevent the attack from fully executing in the first place. In some cases, IT and security professionals may be able to use application whitelisting and Software Restriction Policies to block unnecessary or suspicious executables and even isolate infected systems before the attack has the chance to spread. For some organizations, however, these types of restrictions can be difficult to roll out and manage, particularly in complex working environments (e.g., hospitals). In those cases, using a third-party tool specifically designed for runtime protection can be a more suitable solution.

As always, the best protection for user systems also improves the security of the users. In addition to investing in security technology and infrastructure, organizations should train users on common forms of attack, and staff on rapid security response. Through a combination of system protection and user awareness, even these new attacks will be blunted, along with the motivation for attackers to look for even more dangerous payloads to deliver.

Jack Danahy is co-founder and CTO at Barkly.

© 2017 ADVANCE Healthcare, an Elite CE company
