A report published by a software technology company shows that the number of organizations impacted by ransomware globally has more than doubled so far in 2021 compared with 2020. The healthcare sector has seen the highest volume of ransomware, with around 109 attacks per organization each week.
Since April, researchers have observed an average of 1,000 organizations impacted by ransomware every week. In 2020, ransomware cost businesses worldwide around $20 billion, more than 75% higher than the amount in 2019.
In 2020, more than 1,000 companies were the target of a double extortion tactic. Double extortion tactics include holding the company’s data for ransom, and if the company refuses to pay the ransom, the data is publicly leaked. In 2020, the average ransom payment jumped 171% to approximately $310,000.
A growing trend that was first seen in late 2020 is triple extortion. This occurs when criminals send ransom demands not only to the attacked organization, but also to any customers, users, or other third parties that would be hurt by the leaked data.
In October 2020, a psychotherapy office was hit by a breach that led to the theft of patient data and a ransomware attack. The attackers demanded a large sum of ransom from the clinic, and also emailed the patients directly, demanding smaller sums of money or else they would leak their therapist session notes. Due to the breach and the related financial damage, the psychotherapy clinic was forced to declare bankruptcy and ultimately shut down its business.
Recommendations from software technology companies include:
- Raise your guard around weekends and holidays. Most ransomware attacks occur on weekends and holidays when people are less likely to be on the lookout for the attacks.
- Keep your patches up to date. Be sure to keep your computers and systems up to date with the latest patches, especially ones considered critical.
- Use anti-ransomware tools. Some attackers send targeted spearfishing emails to trick employees into revealing account credentials that can open up access to the network. Protecting against this form of ransomware requires a special security tool. Anti-ransomware tools monitor programs on a computer for any suspicious behavior. If such behavior is identified, the tool can stop the encryption of sensitive files before any damage is done.
- Educate Users. Train users on how to identify and avoid possible ransomware attacks. Many such attacks begin with a phishing email that coaxes the recipient to click on a malicious link. Educating employees on these types of emails can stop an attack before it is too late.
- Stop ransomware before it starts. Ransomware attacks do not necessarily start with ransomware ― many start with malware infections. Be sure to scan your network for malware, as it can pave the way for ransomware.
Issue:
The healthcare sector is now one of the largest victims of ransomware due to its vulnerability to confidentiality breaches and the critical nature of online patient records. It is imperative that all nursing facilities become proactive in preventing ransomware attacks to avoid data breaches which are reportable in terms of the Health Insurance Portability and Accountability Act (HIPAA). Nursing facility leaders and the Privacy Officer should be aware of the new tactics that are being used by malicious ransomware attacks and provide training to all staff with access to electronic medical records, email, or internet on best practices to prevent a ransomware attack. Additional information is available in the Med-Net Corporate Compliance and Ethics Manual, Chapter 6 Data Integrity, Policy DI 1.0 G.
Discussion:
- Review facility policies and procedures on cybersecurity. Ensure that policies are kept current based on best practices designed to prevent ransomware attacks.
- Train all appropriate staff on best practices to prevent ransomware. Document that the trainings occurred and file in each employee’s education file. Provide additional training as new information becomes available.
- Periodically audit to ensure that staff are knowledgeable and utilizing best practices in preventing ransomware attacks.