What if on a Monday morning you arrive at your office and find 100% of all your computers encrypted with ransomware? Your IT vendor comes onsite and says, “We have a major problem! Not only is your data encrypted, but the hackers left a note indicating they STOLE all your data.” Then you find out all of your backups, including your Cloud backup, are gone. Through an investigation, it is determined that hackers installed screen-sharing software four weeks prior to the ransomware attack and have been watching everything you do on your computer—including accessing your Cloud software. What will you do?
It is no secret that healthcare entities have become a favorite target of hackers. What has been woefully under-reported is the sheer number of successful ransomware attacks that have been launched against private practice providers. COVID-19, the election year, and major cyberattacks launched against Fortune 100 companies and hospital groups continue to dominate the news. However, in the past 12 months alone, hackers have also successfully attacked thousands of private medical and dental practices, yet these attacks have been almost completely ignored by the media.
In 2020, we were introduced to a vicious new tactic by cyber criminals where they publish patient records to public-facing, dark-web auction sites if their targets refuse to pay the demanded ransom. Too many practice owners make the mistake of assuming, “the bigger the healthcare entity, the greater the risk,” but the reality is that small- to medium-sized practices are even more attractive targets for criminal hackers.
Most, if not all, large hospitals or physicians’ groups employ dedicated teams of cybersecurity experts who are 100% focused on attack prevention. These teams of experts are typically credentialed, well-trained security professionals who build highly effective security infrastructures designed to find and remediate the areas where those hospitals or large groups are most vulnerable. This strong, but expensive, strategy is one that most small- to medium-sized practices cannot afford. Cyber criminals are well-aware of this deficit, and they typically take the path of least resistance when targeting organizations.
Paul Murphy is a cybersecurity specialist with Black Talon Security. He has more than 20 years of experience in the technology field and regularly leads training and educational workshops on the latest trends in data security, particularly as they relate to the healthcare, legal and financial industries. Contact him at blacktalonsecurity.com.