Healthcare organizations are a hot topic when it comes to cybersecurity, as even a small data breach could turn into a goldmine for hackers. Recently, IBM’s 2016 Cyber Security Intelligence Index has reported a data breach that exposed more than 10 million medical records, which shows us just how scary a breach of this kind can be. The secret weapon, in many cases, is a threat called ransomware.

Ransomware is a common and painful threat in its own right, even when it’s not used to target healthcare organizations. Yet, the nature of healthcare records makes it an extraordinarily difficult threat to work around. For one, hospitals often have no choice but to pay the ransom, since they need access to important files in order to continue doing their jobs. This has left many hospital administrations with no choice other than to pay the ransom, in order to guarantee the safety and protection of their patients, and to avoid nasty falling-outs that could come in the form of legal ramifications.

Granted, medical records also contain plenty of sensitive information in their own right, including financial details, home addresses, Social Security numbers, and plenty more. Basically, a healthcare-based security breach hands over all of the data necessary to steal someone’s identity.

One hacker with the overzealous and somewhat hilarious monicker, TheDarkOverlord, posted over 650,000 patient records for sale on the dark web. TheDarkOverlord used an unknown vulnerability in the Windows operating system to infiltrate a hospital’s systems, and then located the database credentials in an unencrypted plain text file, which allowed him to steal the medical records. Instead of posting them immediately, TheDarkOverlord thought that he would be able to get more money for them from the affected companies.

The breach affected three companies: one in Farmington, Missouri, one in Georgia, and another in an unspecified location somewhere in the Central/Midwest United States. Naturally, they all refused to pay, so the hacker determined that the best course of action was to auction them off to the highest bidder. The Georgia haul has reportedly already been quite fruitful for the hacker, and someone has offered to purchase all of the data from insurance provider BlueCross BlueShield (which you may recall getting hacked last year). To these companies, TheDarkOverlord has issued a statement: “Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer. There is a lot more to come.”

This ultimatum seems to be just the beginning, as intrusions into the hospital networks themselves seem inevitable. Hackers that can gain access to internal hospital networks can steal medical and financial records of patients, as well as potentially interfere with any connected devices on the network. Criminals could change or alter settings on devices, with patients’ lives hanging in the balance. For doctors and hospital administrators, this possibility must be terrifying, as the institution could face paying an immense ransom fee, or charges for malpractice.

You would think that organizations would have preventative measures put into place that keep sensitive data from being exposed to dangerous hackers. Yet, this is simply not true in some cases. While it’s required that preventative measures are put into place, encryption often isn’t required in order to comply with HIPAA. Thus, the lack of preparation leads to hacks. Additionally, some organizations lack the dedicated internal IT department that can keep systems secure, and that’s not even mentioning data backup. To make matters worse, 25 percent of healthcare institutions have no way to determine if they’ve been hacked, and by the time they know they’ve been the target of ransomware, it’s far too late.

Healthcare, and other high-profile hacking targets, need to understand that they have a giant bullseye painted on their sensitive information. Even a small business has something to offer hackers, however. In order to protect your business, be sure to follow these two steps.

Establish an Iisolated Backup Solution
Whenever there is critical data involved in the day-to-day operation, a backup solution is something that is absolutely necessary for the organization’s safety and security. In the case of a healthcare organization losing their files to some nefarious intruder, a backup will allow them to continue their operations without putting the health and safety of the patients at risk. However, for this backup to be truly effective, it must be isolated from the original system; otherwise, the hacker will likely be able to access the backup as well. As an added advantage, this separation also protects the data against disasters, such as fires, floods, or user error.

Implement a Reliable Defense Strategy
Considering that most external attacks take advantage of system vulnerabilities, this facet is intended to remove the vulnerabilities from your system. As vulnerabilities come in different varieties, your strategy will need to be multifaceted to cover all of your bases. Install and maintain reliable antivirus and malware blockers, and educate yourself and your users on industry best practices for data security.

To protect your business’s infrastructure from external threats, reach out to us at (732) 360-2999, and subscribe to our blog.

August 5, 2016
Directive