As little as five years ago, hackers were lone individuals operating on their own. Today, cybercrime is a multi-billion dollar business. Organized crime – typically from eastern Europe, Russia, and India – has helped hacking reach a level of sophistication that now involves hiring professional developers and hackers to come up with new and innovative ways to carry out attacks. A hacker working for one of these organizations can net a salary of about $150,000 a year.
The ransomware virus will encrypt any files it comes across on your system, network, and servers, and as of today this encryption remains uncrackable. The only way to regain access to your data is to pay the hacker responsible for the decryption key and hope that they actually return your files to you. The other alternative is to ignore the ransom demand and hope that your data backups are enough to restore your practice to its pre-infection status.
The healthcare sector is the number one target for these attacks. 88% of all attacks are aimed at healthcare providers. To add some perspective to this statistic, the second most targeted sector is education – accounting for 6% of all ransomware attacks. Hackers consider healthcare entities to be low-hanging fruit, mainly because they tend to have lax IT security protocols in place, and are generally very quick to pay a ransom demand for their patient data. There has also been a noticeable trend in healthcare workers simply lacking the awareness to avoid falling victim to a ransomware scam.
Additionally, patient information can fetch huge sums for cybercriminals on the online black market known as the Dark Web. A credit card number has a value of about $8. A healthcare record, on the other hand, is worth about $60. The average data breach will compromise about 10,000 records. That’s a payday of $600,000 for the hacker responsible.
More than half of all US hospitals were hit with a ransomware attack in 2016. In virtually every case, these entities believed that they had adequate security measures in place, but the reality is that unless you have a multi-layer system in place to protect your data, your practice is left extremely vulnerable.
Ransomware has become such a prevalent issue within the healthcare industry that the Department of Health and Human Services (HHS) has released guidelines for how a healthcare entity is expected to respond to a ransomware attack. All business associates and covered entities are now required to report a ransomware infection as a data breach, regardless of the scope of the attack. Failure to do so will result in fines from the OCR. Depending on how negligent the OCR finds your practice, fines can range from $600,000 to $5 million. On top of that financial blow, the class action lawsuits that can follow can easily cost upwards of $50 million in settlements.
Very recently, a tool called RanSim was released to help healthcare organizations test the vulnerability of their IT network. Developed by one of VITECH’s partners, KnowBe4, RanSim is already proving to be an invaluable tool to help healthcare organizations prevent a real ransomware attack. By running a completely harmless attack simulation, this tool tests 5 different infection scenarios, and produces results in just a few minutes.
To properly protect your practice from a ransomware attack, there are 8 security protections you can implement right now to better your odds of avoiding an attack.
It’s extremely important to take the threat of cybercrime seriously. It is by no means a small threat, especially to the healthcare industry. If you are not prepared for it, you will find yourself not only out thousands of dollars in ransom fees, but at risk for huge fines from OCR, and class action lawsuits costing millions.
Have a threat assessment completed to find out where your practice stands when it comes to cyber security. Determine where your security measures might be lacking, and how your employees are using company-owned devices. Figure out if your data backups are adequate to protect your practice, and if your network protections are sufficient. Talk to your IT provider, and create a plan of action to take care of any and all potential vulnerabilities. Ongoing maintenance is critical to keeping your practice secure.
Want to find out how VITECH can help keep your practice safe from cyber threats? Contact us at firstname.lastname@example.org or (800) 536-2156. We’re the IT professionals practices in The United States of America trust.