Cybersecurity Attacks: Prepare or Pay 17,000 in Bitcoin?


It is not the first time and unfortunately, it will not be the last that a hospital was the focus of a cyber attack.

The story of a Southern California hospital broke last month after they fell victim to a hacker using malware to infect the institution’s computers, who then demanded 17,000 in bitcoin. If you are not a technology professional, go ahead and Google ‘bitcoin’ – that is complicated in and of itself. However, regardless of the ransom payment method, the attack left the hospital’s system down for more than a week, preventing communication amongst employees and restricting access to administrative operations. In order to restore functionality, the hospital had to pay the ransom and obtain a decryption key. While patient records were not compromised according to the news and statements provided by the hospital, there was a significant impact to the hospital on every level related to public trust, operational efficiency and financial metrics. Unfortunately, all too often, organizations react to this type of event rather than proactively protect against it. Although some may argue it’s hard to ‘get ahead’ of the hackers, there are steps you can take to reduce your vulnerability. Presented below are thoughts around the challenges of cybersecurity and managing your risk.

Cybersecurity Challenges

For an effective cybersecurity program, an organization needs to coordinate its efforts throughout its entire information system. The most difficult challenge in cybersecurity is the ever-evolving nature of security risks themselves. Traditionally, organizations have focused cybersecurity resources on perimeter security to protect only their most crucial system components and defend against known threats. Today, this approach is insufficient, as the threats advance and change more quickly than organizations can keep up. As a result, advisory organizations promote more proactive and adaptive approaches to cybersecurity. Similarly, the National Institute of Standards and Technology (“NIST”) issued the Cybersecurity Framework in February 2014, which recommends a shift toward detection (continuous monitoring and real-time assessments), response and recovery based on a data-focused approach to security as opposed to the traditional perimeter-based model.

Managing Cyber Risk

The National Cyber Security Alliance (“NCSA”), through SafeOnline.org, recommends a top-down approach to cybersecurity in which corporate management leads the charge in prioritizing cybersecurity management across all business practices. NCSA advises that companies must be prepared to “respond to the inevitable cyber incident, restore normal operations, and ensure that company assets and the company’s reputation are protected.” NCSA’s guidelines for conducting cyber-risk assessments focus on five key areas:

  • Identifying your organization’s “crown jewels” or your most valuable information requiring protection;
  • Identifying the threats and risks facing that information and their likelihood of occurrence;
  • Assessing the impact of the damage your organization would incur should that data be lost or wrongfully exposed;
  • Assessing the organization’s ability to recover from such an event and planning for timely and appropriate response; and
  • Detecting any nefarious activities (i.e. breach) on your network.

Specific to healthcare, organizations should evaluate the risk to electronic PHI (“e-PHI”) when at rest on removable media, mobile devices and hard drives. We would suggest deploying appropriate measures to safeguard all data stored on portable devices. The media should be encrypted and portable devices should employ a remote device wipe technology to remove data if lost or stolen.

Cyber risk assessments should also consider operations and any regulations that impact the manner in which your organization collects, stores and secures data. Assessing processes and technologies will help to establish the requirements of a mature cybersecurity program, but an organization must also focus on the people who touch those processes and technologies. The most robust cybersecurity program involving technology solutions will be limited without a high level of ‘user adoption’: your employees understand the risks, embrace their responsibilities and act accordingly. Proper change management can aim to improve or create a governance framework, communication plans, job impact analysis and appropriate training/education to help ensure the success of the cybersecurity efforts.

In conclusion, many healthcare organizations have not appropriately identified the risks and vulnerabilities of their environment, and therefore are failing to adequately safeguard protected health information (“PHI”) and other sensitive data. It is critically important in today’s world to assess your organization’s current state of readiness regarding its ability to Identify, Protect, Detect, Respond, and Recover from a security incident and to take action to achieve your targeted level of readiness going forward.

Similar Threats Across the Ocean

The United States is not the only country vulnerable. The core healthcare services and internal systems at two German hospitals have now also been disrupted by ransomware attacks.

One of the hospitals, Lukas, has reportedly reverted to phone calls, faxing and physical record-keeping for the past few weeks, while the IT systems have been offline. The hospital has also postponed high-risk surgeries until systems are up and running. Fortunately, the IT team at Lukas performs regular backups, but there is a possibility that some data and patient records have been lost.

Another hospital, Klinikum Arnsberg, confirmed that it was targeted in a ransomware attack via an email containing malware. Instant action taken by their cybersecurity teams resulted in the hospital containing the damage: the virus was detected in one server and the other 199 servers were immediately switched off to prevent any further contamination by the malware.

So far, both these hospitals are refusing to pay the ransom. Deutsche Welle, a German publication, reports that it will “take weeks” for the hospitals’ systems to be back to normal.

Ask Our Experts

Please contact a member of Withum’s Healthcare Services Group at [email protected] for further questions or assistance.

The information contained herein is not necessarily all inclusive, does not constitute legal or any other advice, and should not be relied upon without first consulting with appropriate qualified professionals for your individual facts and circumstances.
