TOP 10 Vital Strategies for Healthcare (or ANY) Organizations to Prevent Ransomware Attacks

Change Healthcare, a major U.S. healthcare company, reportedly paid $22 million to the BlackCat ransomware group after a cyberattack disrupted services nationwide. However, the cybercriminal who facilitated the attack claims they were cheated out of their share of the ransom, leaving sensitive data intact.

According to researchers, a hacker forum post suggested that UnitedHealth Group paid $22 million to regain access to data and systems encrypted by the “Blackcat” ransomware gang. While neither UnitedHealth nor the hackers have commented on the alleged payment, a cryptocurrency tracing firm partly supported the claim.

It’s common for large companies hit by ransomware attacks to pay hackers to restore control, especially after significant disruptions. The forum post implicated a Blackcat partner in the intrusion into UnitedHealth and included a link showing the transfer of about 350 bitcoins, valued at around $23 million, between digital wallets.

The attack has caused financial strain for medical providers, leading to challenges such as delaying treatments and struggling to cover expenses. Lawmakers and industry leaders are pressuring the government for relief measures, including accelerated payments for Medicare providers.

Despite these efforts, the shutdown of Change Healthcare’s operations has left providers without vital insurance approvals and payments, exacerbating financial pressures. UnitedHealth Group, which owns Change Healthcare, has not provided a timeline for restoring operations, and the attack highlights the vulnerability of patient data in interconnected healthcare systems.

While some operational challenges have been addressed, the prolonged shutdown has left providers grappling with unpaid claims and uncertainty about the future.

The hospital industry has called for emergency funding, criticizing United’s response and government initiatives like loan programs as insufficient. Providers, such as therapists and cancer centers, are facing financial strain and uncertainty as they seek alternative payment clearinghouses and struggle to cover expenses.

Lawmakers are advocating for additional support to ensure providers can continue offering comprehensive care amid the ongoing disruption.

In an era of increasing cyber threats, healthcare organizations are particularly vulnerable to ransomware attacks due to the sensitive nature of patient data and the criticality of uninterrupted services. Ransomware attacks can disrupt operations, compromise patient confidentiality, and result in significant financial losses. However, with proactive measures and robust cybersecurity practices, healthcare organizations can strengthen their defenses against ransomware threats. Here are ten essential tips for preventing ransomware attacks:

1. Implement Comprehensive Security Awareness Training: Educate all staff members about the risks associated with ransomware attacks and the importance of cybersecurity best practices. Regular training sessions should cover topics such as identifying phishing emails, avoiding suspicious links and attachments, and reporting potential security incidents promptly.

2. Keep Software and Systems Up to Date: Regularly update all software, operating systems, and firmware to patch known vulnerabilities. Outdated software and systems are often exploited by cybercriminals to gain unauthorized access to healthcare networks. Implement automated patch management systems to ensure timely updates across all devices and endpoints.

3. Deploy Next-Generation Antivirus Solutions: Traditional antivirus software may not offer sufficient protection against evolving ransomware threats. Invest in next-generation antivirus solutions that utilize advanced threat detection techniques, such as behavior analysis, machine learning, and endpoint detection and response (EDR) capabilities. These solutions can detect and mitigate ransomware attacks in real-time.

4. Implement Least Privilege Access Controls: Restrict user privileges to the minimum level necessary for performing job functions. Limiting access rights reduces the likelihood of ransomware spreading laterally across the network in the event of a breach. Implement strong authentication mechanisms, such as multi-factor authentication (MFA), to prevent unauthorized access to sensitive data and systems.

5. Enable Network Segmentation: Segment the network into distinct zones or segments to contain the spread of ransomware in the event of a breach. Implement strict access controls and firewall rules to regulate traffic between network segments. Isolate critical systems and sensitive data to minimize the impact of ransomware attacks on essential healthcare services.

6. Regularly Back Up Data: Maintain regular backups of critical data and systems to facilitate timely recovery in the event of a ransomware attack. Backups should be stored securely offline or in a separate, isolated network environment to prevent them from being compromised by ransomware. Test backup and recovery procedures regularly to ensure their effectiveness.

7. Conduct Regular Vulnerability Assessments and Penetration Testing: Identify and remediate security vulnerabilities proactively through regular vulnerability assessments and penetration testing. Assess the security posture of networks, systems, and applications to identify weaknesses that could be exploited by ransomware attackers. Address identified vulnerabilities promptly to reduce the risk of exploitation.

8. Develop and Test an Incident Response Plan: Establish a comprehensive incident response plan that outlines procedures for responding to ransomware attacks and other security incidents. Define roles and responsibilities, escalation procedures, and communication protocols to ensure a coordinated response. Conduct tabletop exercises and simulated drills to test the effectiveness of the incident response plan.

9. Monitor Network Activity and Anomalies: Implement robust monitoring tools and security information and event management (SIEM) solutions to monitor network activity and detect anomalous behavior indicative of ransomware activity. Configure alerting mechanisms to notify security teams of potential security incidents in real-time. Investigate and respond to alerts promptly to mitigate threats effectively.

10. Foster a Culture of Cybersecurity Awareness and Vigilance: Cultivate a culture of cybersecurity awareness and vigilance among employees, encouraging them to remain vigilant against potential threats and report any suspicious activities promptly. Promote open communication channels for reporting security incidents and provide incentives for proactive security behavior.

By adopting these ten essential strategies, healthcare organizations can enhance their resilience to ransomware attacks and safeguard patient data, critical systems, and essential healthcare services. Proactive cybersecurity measures, combined with comprehensive training, regular updates, and robust incident response capabilities, are key to mitigating the risk of ransomware threats in the healthcare OR ANY sector.
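Tip 9 above calls for monitoring that flags anomalous behavior indicative of ransomware and alerts the security team. As an added example (not from the original article), this Python detector flags any account that renames many distinct files to a new extension within a short window; the log format, window, threshold, paths and account names are assumptions, and the events are constructed.

```python
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed look-back window
THRESHOLD = 5                   # assumed: distinct files re-extensioned per window

# Constructed file-audit events: "timestamp account ACTION path [new_path]".
SAMPLE = [
    "2024-03-01T09:00:05 jdoe WRITE /share/claims/q1.xlsx",
    "2024-03-01T09:03:10 jdoe RENAME /share/claims/draft.docx /share/claims/final.docx",
    "2024-03-01T09:20:00 jdoe RENAME /share/claims/notes.txt /share/claims/notes.md",
    "garbled line",
] + [
    f"2024-03-01T02:14:{2 * i:02d} svc_scan RENAME "
    f"/share/billing/inv{i}.pdf /share/billing/inv{i}.pdf.locked"
    for i in range(8)
]

def parse_event(line):
    """Return (ts, account, action, path, new_path) or None if unparseable."""
    parts = line.split()
    if len(parts) < 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3], parts[4] if len(parts) > 4 else None

def extension_changed(old, new):
    """True when a rename gives the file a different final extension."""
    return os.path.splitext(old)[1].lower() != os.path.splitext(new)[1].lower()

def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Alert once per account that re-extensions >= threshold files in window."""
    recent = defaultdict(deque)  # account -> (timestamp, original path)
    alerted, alerts = set(), []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        ts, account, action, old, new = event
        # Ordinary writes and same-extension renames are normal user activity.
        if action != "RENAME" or new is None or not extension_changed(old, new):
            continue
        queue = recent[account]
        queue.append((ts, old))
        while queue and ts - queue[0][0] > window:
            queue.popleft()  # drop events that fell out of the window
        distinct = {path for _, path in queue}
        if len(distinct) >= threshold and account not in alerted:
            alerted.add(account)
            alerts.append({
                "account": account,
                "first_seen": queue[0][0],
                "alert_time": ts,
                "files": len(distinct),
            })
    return alerts

if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE):
        print(f"ALERT {alert['account']}: {alert['files']} files re-extensioned "
              f"between {alert['first_seen']} and {alert['alert_time']}")
```

In production the same rule would run in the SIEM over real file-server audit events, with the window and threshold tuned against normal batch jobs to keep false positives down.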

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon.com author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.

Medical Identity Theft: 12 Million Patients Breached

Quest Diagnostics is a US-based company that provides medical testing services, and announced that it used third-party billing collection companies that were hit by a severe data breach. In fact, about 11.9 million Quest customers were affected.

The compromised information could include personal data of the patients, including Social Security numbers, as well as medical and financial information. However, laboratory test results aren’t included in the breach.

What Happened?

The AMCA (American Medical Collection Agency) is a billing collection service provider and informed Quest Diagnostics that it had an unauthorized user who gained access to the AMCA system, which contained personal information that AMCA got from a variety of entities, including Quest. AMCA provides its collections services to Optum360, which is a Quest contractor. Both Optum360 and Quest are working with experts to investigate the issue.

The company also noted that it still doesn’t have much information about the data security incident at AMCA, and it doesn’t know for sure what data was compromised. However, the company no longer sends its collection requests to AMCA and won’t do so until the issue is resolved.

Quest filed an SEC filing, which revealed that the attackers gained access to the AMCA system between August 2018 and March 2019.

According to one data breach website, Gemini Advisory analysts first discovered the breach. The analysts noticed a CNP (Card Not Present) database that had been posted for sale on a dark web market. They determined that the data could have been stolen through the AMCA online portal. Gemini Advisory attempted to contact AMCA but received no response, so it contacted US federal law enforcement.

A spokesperson for AMCA says that, upon receiving the information that there was a possible data breach from a compliance company that worked with other credit card companies, it conducted an internal investigation and took down its payments page online. The company also said it was investigating the breach with the help of an unnamed third-party forensics company.

The Quest breach targeted primarily financial data with personal information (SSNs). That kind of information is significantly more lucrative than health information, which isn’t really marketable by criminals, at least not yet. The financial information disclosed was comprehensive and included bank accounts and credit card numbers. Therefore, victims could get their identities stolen and have financial transactions completed in their name.

Users of the website or customers of the company need to get a credit freeze, so that no new credit lines can be taken out in their name, and monitor their bank accounts and credit cards for any unusual activity.

Action needs to be taken now to freeze your information with the credit bureaus and warn them that your financial information might have been compromised. In addition, financial institutions usually have programs available to take corrective action, which can prevent your credit card or account from being used without permission if your account has been compromised.

The issue is that insurance and healthcare information doesn’t have such a centralized process, which makes it extremely tough to prevent the use of this information from someone who doesn’t have permission to use it.

The Cybersecurity evangelist of Thales, Jason Hart, chimed in with the fact that multi-factor encryption and authentication of the collected data might have saved the companies and victims from having problems.

The VP of innovation and global strategy at ForgeRock, Ben Goodman, noted that this is the second known breach for Quest in just three short years. As a public company, it could lead to a variety of serious repercussions with respect to brand reputation, shareholder trust, and stock prices. He also said that the exposed data might result in litigation. When First American Financial Corporation was breached, it took just a few days for the company to get hit with a class-action lawsuit when it exposed 885 million documents full of sensitive information just last week.

The CISO and Senior Director for Shared Assessments, Tom Garrubba, wants to see just how quickly the Office of Civil Rights (an overseer of HIPAA compliance) rushes in to get information about the breach and to determine whether there was any negligence and whether Quest is to blame (partially or fully).

Through the HIPAA Omnibus Rule, business associates must handle any data with the care provided to covered entities (outsourcers). Those business associates have to provide due diligence to the covered entity.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon.com author, CEO of Safr.Me, and the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Faulty Tire Repair could break your Neck

Roy Chattelle was on a road trip in 2008 and suffered what seemed like a minor tire leak. So he got the tire repaired. Many people think nothing of pulling into the nearest tire shop and getting that little puncture or tear repaired or “plugged.”

A few months after this routine repair, the tire blew, causing the vehicle to flip five times. Chattelle and his kids recovered from their injuries, but wife Gwen had a very different outcome: She was rendered permanently paralyzed from the neck down.

An investigation into what caused this tire to blow out revealed that the tire shop was negligent: faulty repair and installation, leading to a tread belt separation. The Chattelles were awarded over $13 million.

According to an article at boston.cbslocal.com, many tire shops repair leaks from the outside of the tire. Glen Wilder of Wilder Brothers Auto is quoted as follows: “They just jam rubber into it until it stops leaking.”

When you take your slowly leaking tire, or tire that has a little nail in it, to the tire shop, do you really know what the employee there will do to ensure that the repair means a perfectly safe tire to drive on?

Wilder explains that the inside of the tire needs to be inspected. Sometimes tire shops won’t do this, upping the risk of a blowout. Repairs should be made with a plug-patch and also with a rubber sealant—and not all tire shops follow this recommendation, which comes from tire manufacturers.

Not only that, but there is no law making it illegal for tire shops to deliver substandard tire repairs. It’s legal to perform a shoddy repair using superglue, for instance.

In fact, bad tire repairs are common, says an article at newyork.cbslocal.com. “This is a dirty little secret,” says Robert Sinclair, AAA spokesman. Anything goes, he says, because there’s just no law that requires a minimum standard of tire repair. He points out that some tires are repaired with spit and tape, sawdust or “whatever is laying around.”

A punctured tire should be removed from the rim and inspected. Al Eisenberg, a tire repair expert for 30 years in Long Island, notes that shoddy repairs are a ticking time bomb. “It’s not a matter of if, but when that tire will blow.”

So what should you do?

Just buy a new tire. Forget worrying about whether or not the punctured or gashed tire was repaired effectively. If your circumstances leave you with no choice but to have the new tire installed at a shop other than the one at your vehicle’s dealership, then as soon as possible after the repair, take your vehicle into its dealership to have the new tire installation inspected to make sure it was done properly.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Healthcare High on Hackers’ Hitlist

If you think that retailers are the biggest target for cyber criminals, you have it more than a wee bit wrong. Hackers are really going after the healthcare and pharmaceutical industries. In fact, “Will Healthcare Be the Next Retail?” is the name of a recent report released by BitSight Technologies, a security ratings firm.

The report claims that not all victims of healthcare hacking report breaches, so figuring out the total number of these attacks is difficult. However, the Ponemon Institute released a report stating that hacking into healthcare and insurance companies has jumped 100 percent since 2010.

Why such a jump? It could be due to the fact that healthcare-type enterprises have gotten onto the BYOD (bring your own device) bandwagon. This is almost analogous to an employee infected with a stomach virus coming into the building and spreading the sickness.

Another dynamic: as more doctors use technology to stay connected to their patients, it won’t be surprising to see breaches become more common in the healthcare sector.

What distinguishes healthcare-industry hacking from retail hacking is that the retail hacker simply wants a credit card number. But the crook who cracks into medical records gets your patients’ individual profiles, chock-full of personal medical information.

Healthcare hackers may want to steal your patients’ identities to commit insurance fraud, so your records should be diligently monitored.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Healthcare Providers Gaining Trust by Marketing Security

You’ve surely heard of “B2B” or business-to-business marketing. The new game plan is “B2C” – business to consumer marketing, particularly in the healthcare industry. The Affordable Care Act allows healthcare organizations to directly deal with consumers on a massive scale for the first time. However, this comes with some challenges, namely, how to effectively reach potential consumers and differentiate their organization from the competition.

Organizations must take notice that potential enrollees aren’t just concerned about cost and coverage, but also about two less apparent concerns: privacy and security.

Consumers want reassurance that their data is protected. They can’t get all the data breach fiascos out of their mind. According to the TRUSTe 2014 U.S. Consumer Privacy Report, 92 percent of U.S. Internet users are worried about their online privacy. Of these, 47 percent are frequently worried.

So even though a potential enrollee may have complete faith in your service and reputation, they may be unnerved by the pathways of information exchange: the Internet, mobiles, wireless networks, computers. They know that their personal health data is out there in “space,” up for grabs.

If you want strong enrollment numbers and loyal customers, you must put the consumer’s concern for the protection of their personal health information at the top of the priority list. No way around this. If consumers don’t get assurance from you, they won’t stick around for it; they’ll take their business elsewhere.

So what will you do to put consumers’ apprehension at ease? One way to accomplish this is to facilitate a security and privacy program to ease consumer anxiety.

AllClear ID provides the following guidelines for healthcare insurers and providers:

  • Continue to use state-of-the-art IT techniques to secure cloud services, access points, databases and mobile devices; and to better monitor systems for breaches.
  • Improve security of corporate devices and employees’ personal mobile devices used for work.
  • Enhance employee training at all levels to decrease errors, improve device security and ensure HIPAA compliance. Also train employees around how to comfortably talk to customers about how their data will be protected.
  • Institute an identity protection program for enrollees to make them feel safe signing up with you and reduce the pain if there is a breach.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Healthcare Establishing Customer Security Programs

Consumers really get stiffed when there’s a data breach, having to change their passwords, replace credit cards, and other bothersome tasks, not to mention the grief over stolen personal information.

Healthcare organizations (a prime target of cyber criminals for several reasons) need to think beyond the approach of, “Here’s how we’re protecting your data,” and shift their way of thinking to, “We are dead serious about our customers’ security.”

This is how healthcare organizations can be truly proactive. While organizations can’t reveal too much information about their security plans (since this can make it easier for exploitation), they DO need to be generous with candid messages about how vital it is to protect consumer data.

Throwing around the same generic, recycled language about “Here’s what we’re doing to protect you” no longer cuts it and doesn’t build a lot of trust in the consumer. Instead, organizations should impress upon consumers their devotion to security in meaningful and understandable ways.

Consumer security should be free to the customer. This will delight consumers and help ease their anxieties over data safety, while setting the organization apart from its competitors. That’s how to put the brand’s reputation at the top and build customer loyalty.

Key Features of a solid customer security program

  • Information must be protected at the time of sign-up/data collection, and protected should data be lost.
  • The organization must be accountable for data recovery and restoration in the event of a breach; this will build customer loyalty.
  • Financial loss must be recovered.
  • Credit reports must be restored.

According to AllClear ID, here is how healthcare organizations can make an impression on their customers:

  • The most current IT practices should be implemented, because it is paramount to secure mobile devices, access points, databases, cloud services, etc., and to better keep tabs on systems for breaches.
  • The security of employees’ personal mobiles and the organization’s devices needs to be stronger.
  • Employee training must be improved, from the bottom up, to reduce mistakes.
  • HIPAA compliance needs to be reinforced.
  • An identity protection plan must be created so that potential customers will have confidence in enrolling and feel less anxious about the fallout of a security breach.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.