More than 350 million dollars in victim funds were paid as a result of ransomware attacks in the past year. Cyberattacks are more than an inconvenience for businesses since healthcare organizations depend on their networks to fully operate. A network malfunction could even lead to death, as when a patient died in Germany because a hospital couldn't admit her after a ransomware attack. Now the US government is stepping up and focusing on improving data protection and preventing cyberattacks.
Why is the US government focusing on ransomware attacks?
Although cyberattacks continue to be on the rise, governments often don't provide resources to combat security threats. This problem has only been exacerbated by the pandemic when cybercriminals began to issue coronavirus-themed scams targeting overwhelmed healthcare networks. In 2020, healthcare organizations saw an increase in both attempted and successful data breaches. Q3 2020 saw a 50% increase in daily cyberattacks compared to the first half of the year. The House Homeland Security cybersecurity subcommittee recently held a meeting regarding the threat of ransomware attacks. “It should come as a surprise to no one in this hearing that these ransomware attacks have devastating real-world consequences for Americans,” Andrew Garbarino (R-N.Y.) said at the hearing . “Every minute that a hospital goes down is a minute of missed critical care. The same goes for almost every industry. We must work to put a stop to this.”
What actions is the US taking to protect against ransomware attacks?
The Justice Department recently announced the formation of The Ransomware and Digital Extortion Task Force. The goal of this task force is to prioritize prosecuting ransomware cases and to create and implement a strategy to combat the cybercriminals behind ransomware attacks. The Department of Homeland Security (DHS) has also announced a series of 60-day sprints dedicated to fighting cybersecurity threats. One of these sprints will focus on combating ransomware attacks. Secretary of Homeland Security Alejandro Mayorkas explained, "There are actors out there who maliciously use ransomware during an unprecedented and ongoing global pandemic, disrupting hospitals as hundreds of thousands die. This should shock everyone’s conscience.” The White House is also expected to develop a plan to protect companies from ransomware attacks, but discussions are still in the early days.
What are the best strategies to protect data?
One possible strategy was introduced by the Institute for Security and Technology (IST) with the release of the Ransomware Task Force's Combating Ransomware report. "We felt an urgent need to bring together world-class experts across all relevant sectors to create a ransomware framework that government and industry can pursue, and ensure the continued faith of the general public in its institutions," said Philip Reiner, IST CEO and executive director of the RTF.
The report contains 48 recommendations, and the framework is broken down into 4 separate goals:
- Deter ransomware attacks
- Disrupt the ransomware business model and decrease criminal profits
- Prepare for ransomware attacks
- Respond to ransomware attacks efficiently
These recommendations may be a starting point as companies strategize how to protect themselves from cybercriminals.
What can healthcare providers do to protect themselves?
Healthcare providers need to consistently stay on top of cybersecurity to prevent data breaches. A HIPAA violation could cost healthcare providers more money than it would have taken to protect it in the first place.
Some ways to protect your network include:
- Employee cybersecurity training
- Implementing data backups
- Preventing unauthorized data transmission
- Use strong email filters
Paubox Email Suite Premium enables healthcare providers to send HIPAA compliant email while also protecting patient data. We cover everything from blocking display spoofing scams with our ExecProtect and DomainAge technology to setting up data loss prevention(DLP) rules to avoid data from being sent to unauthorized users.