Posts Tagged: ransomware

Healthcare Ransomware Attacks Cost Industry $21B in 2020


Healthcare ransomware attacks had a significant impact in 2020. New data reveals that the cost to the industry was nearly $21 billion. The 2020 numbers were the highest in the past five years, and the pandemic was a catalyst for this increase. Let’s look at why and how this unfortunate rise happened.

Ransomware in Healthcare Sees 470% Increase over 2019

In a report from Comparitech, the company aggregated data regarding healthcare ransomware attacks. It found 92 separate incidents, impacting over 600 clinics, hospitals, and organizations and over 18 million patient records.

One of the most prolific was the Blackbaud incident; Blackbaud is a cloud software provider. This single ransomware incident affected over 100 healthcare organizations and over 12 million patient records.

Tracking down every ransomware attack is challenging because HHS (the U.S. Department of Health and Human Services) only reports them if they impact more than 500 people. The report included those along with others that researchers were able to assess.

Downtime Was a Consequence

Downtime for any organization is costly in so many ways. When healthcare organizations don’t have sufficient business continuity plans or data backups, the downtime risk becomes greater. The report found that downtime varied widely and was worst for organizations with infrequent backups or those forced back onto paper-only systems. One healthcare entity lost its records entirely after a ransomware attack.

In its analysis, the company estimates that ransomware caused 1,669 days of downtime for the industry. That’s over 40,000 hours!

Ransoms Varied and Some Organizations Paid Them

The gist of a ransomware attack is that cyber criminals demand a ransom to give you back your data. They do this by stealing the data, copying it, and encrypting it to prevent access.

Ransom demands varied between $300,000 and $1.14 million. Some organizations paid. In the Blackbaud incident, organizations paid out at least $2,112,744 to attackers.

Why Is the Healthcare Industry Vulnerable to Cyberattacks?

Unfortunately, healthcare is an easy target. The industry holds highly sensitive data and can’t afford any downtime. While those attributes make it attractive to hackers, cybersecurity efforts in the industry haven’t kept pace with other sectors.

Some of the biggest challenges include outdated infrastructure, antiquated cybersecurity practices, on-premises systems, and failure to back up files. Risk rises when patient files are stored on legacy systems that are no longer updated or supported. Legacy systems have been a cause of cybersecurity incidents for some time. To mitigate this risk, you should consider archiving data to a secure, compliant repository so that you can decommission legacy systems for good.

Proactive Initiatives to Mitigate Healthcare Ransomware Attacks

In addition to moving away from legacy systems, healthcare organizations should also embrace the cloud. It’s more secure and flexible. They should also educate and train employees on best practices for cybersecurity. These sessions should be ongoing. With some healthcare workers still remote, this training should include securely working from home.

Additionally, healthcare entities should ensure that all their vendors follow best practices with their data. Third parties can be a back door for hackers. If a provider converts, migrates, shares, or archives your data, ensure they use strong encryption and other proactive measures.

InfoWerks Takes Data Security Seriously

As a partner to healthcare, we take data security seriously. We have a high level of cybersecurity measures in place. All our processes and services support HIPAA and HITRUST compliance, as well. We’ve never had a breach in our company’s history. Learn more about data security protocols and HIPAA compliance requirements.

Healthcare Ransomware Attack of Mailing Service Exposes Over 20,000 Records


Healthcare entities have a regulatory obligation to protect protected health information (PHI). Compliance also extends to healthcare partners that handle PHI. Unfortunately, cybercriminals are targeting these partners as well as healthcare organizations. A recent healthcare ransomware attack exposed over 20,000 patient records. The hackers seized a mailing service provider’s data using Ryuk ransomware. On January 19, 2021, the company published a press release on the incident.

What Happened?

In May 2019, hackers infected the mailing service provider’s servers with Ryuk ransomware. Ryuk is the work of an eCrime group known as Wizard Spider. Its operators designed it to infiltrate enterprise environments. It works by identifying and encrypting network drives and resources, and it also disables backups. The primary method of infection is phishing: emails include an infected document, and once it is opened the hackers are in and begin collecting admin credentials and moving laterally toward critical assets.

The mailing service provider received a ransom request from the hackers, who demanded money to unlock the servers. Any data on the servers was now unusable. The company did not pay the ransom. It also said it didn’t find evidence of access to customer files. However, it cannot say with full certainty that there was no breach, hence the notification to patients.

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), investigated to determine whether there were any HIPAA violations. The OCR announced there were no violations and closed the case.

Healthcare Ransomware Attack Puts Lens on Business Associates

When any security breach occurs, there are always lessons to learn. The importance of this case is that it wasn’t the healthcare organization attacked—it was a business associate. Any relationships between healthcare entities and vendors that involve PHI access require a HIPAA business associate agreement (BAA).

This agreement means that the vendor will follow HIPAA compliance in handling sensitive information and safeguarding it. That’s a minimum, but you should go beyond that when you choose vendors. Ask these questions:

  • What are your encryption methods?
  • Do you encrypt data both at rest and in transit?
  • Does your staff participate in annual HIPAA compliance training?
  • Have you ever had a breach?
  • Do you back up all data?
  • Who is your data center partner?

You should make these questions part of your process for selecting partners.

What Answers Should You Expect?

With these questions, there are right and wrong answers. Encryption will be a big part, especially confirming that encryption occurs both in transit and at rest. You also need to get a feel for the vendor’s cybersecurity posture: what proactive measures do they have in place to thwart, identify, and defend against cyberattacks?

Hackers are only becoming more sophisticated. Much of this layered security lives on the data center and cloud side. That’s where the data is, so you need to get the specifics on their co-location partner.

Further, backups and redundancy are critical. In many healthcare ransomware incidents, victims lose their data forever if they don’t pay. Last year, this happened to a Colorado hospital, wiping out five years of patient medical records on its legacy EHR.

A Secure, Compliant Partner for Healthcare

We never like to report on breaches and ransomware. Unfortunately, these things occur in abundance, and the healthcare industry is a top target. We are proud to say we’ve never experienced a breach. Nor have we ever violated HIPAA standards. After over two decades and tens of thousands of healthcare data projects, we understand what it means to be secure and compliant.

Learn more about our data security and HIPAA compliance protocols.