We are only three months into 2019 and there have already been numerous reports of cyberattacks, many of which are in the Healthcare industry. With no real hope of things slowing down, it’s important we stay informed and learn from the mistakes of others. Here are two ransomware attacks reported this year and what we can do to help avoid similar breaches.
Jackson County, GA Breach
Jackson County, GA is one of the latest victims of ransomware attacks, first confirmed by officials on March 1, 2019. The reported cyberattack shut down the entire county’s local government systems, leaving only the website and 911 emergency services active.
Ransomware is a type of malware that maliciously encrypts your data to prevent you from accessing it unless you pay a ransom to the creators of the ransomware. The origin of the attack has not currently been released, but ransomware is typically carried through phishing attacks that either contain a malicious attachment or instruct recipients to click on a URL that will downloads malware.
After the official notification of breach, Jackson County Sheriff Janis Mangum told StateScoop in an interview, ”Everything we have is down. We are doing our bookings the way we used to do it before computers. We’re operating by paper in terms of reports and arrest bookings. We’ve continued to function. It’s just more difficult.”
Following the breach, Jackson County officials notified the FBI and consulted with a cybersecurity expert to communicate directly with the attackers, hoping to mitigate as much damage as possible. Post negotiations, the Georgia county paid a ransom of $400K to receive the encryption key and regain access to their systems. County officials stated the ransom fee would cost about the same as paying for the systems to be restored but this choice would restore their systems sooner, as reported by local TV station 11alive.com.
Jackson County Manager Kevin Poe stated that “we had to make a determination on whether to pay. we could have literally been down months and months and spend as much or more money trying to get our system rebuilt.”
Paying ransom has been a highly debated topic among cybersecurity experts. The ramifications of an attack still apply, regardless of payment, and there is no guarantee data will be returned. Some argue that payment potentially increases the likelihood a company will be targeted again.
Columbia Surgical Specialists Breach
Regardless of the controversy, paying ransom is the choice most often made. Another recent example is Columbia Surgical Specialists of Spokane in Washington.
Columbia Surgical Specialists were first aware of a ransomware attack in early January of 2019. Nearly 400,000 patient records containing names, driver’s license numbers, Social Security numbers and many other types of PHI were compromised. Again, the direct vulnerability has not been released, but Columbia Surgical Specialists made assurances that the issues have been addressed and they will continue to review internal protocols to prevent a future attack.
The specialists group made the decision to pay a ransom demand of almost $15K in cryptocurrency to receive the decryption key and reclaim access to their systems and patient records.
“We received notice from the people that encrypted the files just a few hours before several patients were scheduled for surgeries, and they made it clear we would not have access to patient information until we paid a fee,” explained Columbia Surgical Specialists. “We quickly determined that the health and well-being of our patients was the number one concern, and when we made the payment they gave us the decryption key so we could immediately proceed unlocking the data.”
Columbia Surgical Experts said they learned the hard way that breach investigation is a slow process. It takes time to even become aware that a breach could have occurred and much longer to piece together what exactly happened and the extent of the damage.
What We Learn
It's a common understanding that if we don't learn from the past we are doomed to repeat it. What lessons can we take away from these breaches? Here are few quick things to think about when you review the security of your practice.
- Do I have a backup system in place?
Often, practices choose to restore data from a backup rather than pay the ransom. But how that backup data is stored, how it connects to your other systems, and how frequently information is updated are all things to consider, even if you currently have a backup system in place.
- Do you have secure email and phishing prevention software in place?
Do you run regular phishing scam simulations to determine how many employees are prone to becoming victims? These regular scans not only help identify weak links in your system, but also provide a foundation for ongoing employee awareness training.
- Does your practice have a breach response plan?
Every organization – regardless of size, industry, security protocols – should have a disaster recovery and breach response plan. Some regulated industries require a response plan, all states have breach notification laws companies must adhere to, but all organizations should approach the task with intentionality and gravity.
How We Help
Medicus IT has created and compiled some of the leading cybersecurity, backup and recovery, and prevention monitoring services in the Healthcare industry. We conduct free network assessments to provide our clients ways of improving security, and offer system and web monitoring to ensure you remain secure.
If you don’t know the answers to the previous questions, or you want to learn more about the type of ransomware and cybersecurity Medicus IT can provide, please contact us. We would be glad to walk through a network assessment with you and see how we can better secure your practice.