The U.S. Federal Bureau of Investigation (FBI) is investigating recent ransomware attacks against two healthcare covered entities (CEs). The first is Rehoboth McKinley Christian Health Care in New Mexico, which serves the Navajo community in the area. The second is Allergy Partners in North Carolina. An uptick in cyberattacks, particularly on healthcare providers, has federal agencies and researchers concerned. CEs and their business associates (BAs) must utilize strong cybersecurity measures to remain HIPAA compliant and to safeguard patients’ protected health information (PHI).
What is ransomware?
Ransomware is malware (or malicious software) that essentially holds data hostage until a victim pays a ransom to have it released. Victims normally download malware contained in phishing emails that include malicious attachments or fraudulent links. The idea is to entice a victim to click and/or share user information, opening a door to allow a cyberattack.
Increasingly, ransomware attacks include exfiltration, in which threat groups steal and then leak data to force bigger payoffs. This type of double extortion attack tries to force victims into paying. The FBI first warned about this with the Maze ransomware group in January 2020. IT specialists and CEs still debate whether healthcare organizations should pay a ransom. Specialists say no, but some CEs are on the fence as they consider the immediate and future costs of ransomware.
The two recent ransomware attacks
In February, Rehoboth became the victim of a cyberattack by the Conti ransomware group. The threat actors posted PHI online, including:
- Passport details
- Driver’s licenses
- Bills of sale
- Prescription information
- Diagnoses and treatments
Also involved in the leak were employee job applications and background check authorizations. There is no word on the type of ransomware attack or if the hospital paid the ransom. Since the initial posting, the threat group removed the listing. In a statement to NBC, a Rehoboth spokesperson stated that the hospital has “since implemented additional security measures” and that “patient safety [remains a] top priority.” The Allergy Partners attack also occurred in February. Ransomware infected its system on February 23, lasting for eight days. The hackers demanded $1.75 million from the hospital for access to its encrypted data. It is unclear who the attacker was or if a ransom was paid. In both cases, the CEs hired third-party investigators to research the attack, along with the FBI.
Why does ransomware matter to the FBI?
The Conti ransomware group, which attacked Rehoboth, concerns officials because of its attack rate and reliance on double extortion. As for Allergy Partners, the attack lasted for eight days, with the threat actors asking for a huge ransom. Unfortunately, healthcare cyberattacks more than doubled in the last year. Moreover, of the ransomware attacks in 2020, 70% used exfiltration, as in the Rehoboth attack. And this trend of increased attacks does not seem to be stopping.
Ultimately, more attacks combined with the COVID-19 pandemic add unnecessary stress to CEs trying to properly care for patients. Additionally, recent reports suggest that data breaches have lasting negative effects on hospitals and patients. It only makes sense for the FBI to get involved.
How to protect yourself and your patients
Ransomware attacks and their associated costs serve as a reminder to always use strong cybersecurity. Such breach prevention strategies should include:
- Regular recovery tests
- Offline backups
- Continuous employee awareness training
- Strong access controls
- Strict policy enforcement
- Threat detection programs
Utilizing a clear-cut business continuity plan along with a layered cybersecurity program ensures a comprehensive approach to PHI protection. In particular, CEs must employ solid email security because of the increased likelihood of becoming a ransomware victim through phishing. Our HIPAA compliant email solution, Paubox Email Suite Plus, requires no change in user behavior. With our HITRUST CSF certified solution, all outbound emails are encrypted and sent directly from an existing email platform (such as Microsoft 365 and Google Workspace). Furthermore, malicious emails are blocked even before reaching an employee’s inbox. Stop ransomware from causing your organization and your patients stress. Protect them and yourself before, not after, a cyberattack.