Paubox blog: HIPAA compliant email made easy

Nations pledge to combat ransomware

Written by Kapua Iao | October 28, 2021

The U.S. and other nations worldwide have pledged to combat ransomware and promote proper cyber hygiene. President Biden met virtually with other world leaders on October 13 and 14 to address the growing problems caused by ransomware attacks.


Attacks against critical infrastructure and healthcare organizations have increased dramatically over the past few years. The government believes that collaboration and a strong response are key to blocking data breaches and encouraging solid cybersecurity practices. Employing strong cybersecurity measures, including email security that guarantees HIPAA compliant email for covered entities, is the surest way to stop ransomware attacks.

A ransomware epidemic

Ransomware is malware (or malicious software) used to deny a victim access to a system until a ransom is paid. Victims typically download malware through phishing emails that include malicious attachments or fraudulent links. This has been made easier by the COVID-19 pandemic, as threat actors take advantage of worried, stressed, and tired employees. Email is the most accessible threat vector (or entry point) into any system. A simple click can give a hacker access to data for ransom.


Such cyberattacks have disrupted so much that some describe the current onslaught as a ransomware epidemic. Ransomware attacks can halt an organization’s operations and cause a ripple effect of problems. As stated in the White House press release for the October meetings,

“From malign operations against local health providers that endanger patient care, to those directed at businesses that limit their ability to provide fuel, groceries, or other goods to the public, ransomware poses a significant risk to critical infrastructure, essential services, public safety, consumer protection and privacy, and economic prosperity.”

Healthcare and ransomware

In 2020, ransomware-related breaches accounted for almost 50% of healthcare cyberattacks. Attacks against healthcare providers have increased 600% due to COVID-19. Healthcare providers are juicy ransomware targets because, among other reasons, hospitals can’t fully operate and treat patients without access to technology or protected health information (PHI). And unfortunately, a disruption of critical services is just one of several reasons that covered entities are more likely to pay a ransom.


When confronted with a breach, healthcare providers may face unrecoverable PHI, service interruptions, HIPAA violations, upset patients, and possibly patients’ deaths.

Government response and intervention

Sadly, the aftermath of a ransomware attack can be difficult for many organizations to resolve. This is why the U.S. government has ramped up its involvement in ransomware attacks. In fact, the U.S. government elevated the threat level of ransomware, giving it a priority similar to that of terrorism to ensure centralized, coordinated investigation and mitigation. And in the summer, President Biden signed an executive order and wrote a National Security Memorandum to announce action to protect critical infrastructure. Recently, representatives of over 30 nations met to discuss the growing threat:

Australia, Brazil, Bulgaria, Canada, Czech Republic, Dominican Republic, Estonia, European Union, France, Germany, India, Israel, Italy, Japan, Kenya, Lithuania, Mexico, Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, United Kingdom, United States

National Security Advisor Jake Sullivan was quoted as saying that those invited “recognize the urgency of the ransomware threat.” Countries known for hosting nation-state threat actors, like Russia and China, were left off the list. The approach of the collaboration was three-fold: improve network resilience, address financial mechanisms, and disrupt the ransomware ecosystem. As stated in the press release, “A nation’s ability to effectively prevent, detect, mitigate and respond to threats from ransomware will depend, in part, on the capacity, cooperation, and resilience of global partners, the private sector, civil society, and the general public.” Accordingly, the entire process will take a concerted effort to block ransomware operations through diplomatic efforts.

Cybersecurity best practices

No actual mitigation strategies were provided at this stage. But several U.S. security agencies have recently released guidance on safeguarding personally identifiable information (PII) and PHI. These include the Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology, and the Cloud Security Alliance.


The U.S. Health and Human Services Office for Civil Rights recently shared some of these guides as resources for healthcare providers. In general, a strong cybersecurity program must include layers of:

  • Employee awareness training
  • Up-to-date and consistent policies and procedures
  • Strong technical and physical access controls
  • Patched and updated systems and devices
  • Clear recovery and backup plans


Basic cyber hygiene measures include multi-factor authentication, strong passwords, antivirus software and, given the nature of ransomware attacks, email security.

Paubox Email Suite Plus

Paubox Email Suite Plus, our HITRUST CSF certified solution, protects email from inbound and outbound threats.


It offers strong inbound security features that stop threats like phishing, ransomware, spam, display name spoofing, and more. Our solution also offers a new, patent-pending security feature, Zero Trust Email, which insists on another layer of verification before any email is delivered. It can be used from any existing email platform, such as Microsoft 365 and Google Workspace, and requires no change in email behavior. In a recent statement, President Biden said,

“We must lock our digital doors . . . and we must build technology securely by design, enabling consumers to understand the risks in the technologies they buy. Because people—from those who build technology to those to deploy technology—are at the heart of our success.”