Ransomware has become the bane of small businesses, local governments, and medical practices. It’s a low-risk way for cybercriminals to make money with very little effort. Because of this, there has been a sharp rise in the number of ransomware incidents in 2019. According to a recent Malwarebytes report, ransomware attacks have increased by 195% against small businesses in the first quarter of 2019. This week’s case study shows a recent ransomware attack that impacted 25,148 patient records.
In February 2019, employees of Southeastern Council on Alcoholism and Drug Dependence (SCADD) discovered that there were disruptions in their computer network operations. This lead to the discovery of ransomware on some of their computers. A third party forensics team was called in to investigate.
What was the result?
The third-party forensics firm determined that Protected Health Information (PHI) was encrypted by the ransomware. In this case, patient names, addresses, treatment information, medical histories, and Social Security numbers were encrypted.
The forensics firm was unable to conclusively prove that the attackers didn’t access the patient data. The total number of records affected was 25,148. Because of this, SCADD reported the incident to the Department of Health and Human Services Office of Civil Rights as a HIPAA breach. In addition, they have sent notification letters out to all patients impacted in the breach to advise them of the situation.
To date, there has been no evidence that the patient data has been misused by third parties.
Why do we see so many recent ransomware attacks?
Ransomware is a low-risk attack for cybercriminals. Most live in countries that would never extradite their citizens to the US. This means that even if they were located, they would never be brought to justice for their crimes. In addition, a great deal of money can be made and it doesn’t require a lot of effort to do. Attackers can automate a good bit of the attack process and sit back and wait for their victims. This presents a low-risk. high reward situation for them.
As the focus of ransomware moves more and more to medical practices and small businesses, the amount of money that can be made will increase. Cybercriminals have also become more sophisticated in their methods of attack to ensure that their ransomware is very effective. The more effective the attack, the higher the chances that the victim will pay.
Lastly, most small businesses and medical practices don’t invest enough in cybersecurity. Cybersecurity as a real threat has only recently made it to the forefront. With news reports of breach after breach, only now are small businesses starting to see the impact that could happen to their operations. This with a smaller budget makes small businesses and practices very attractive targets.
Ransomware won’t be going away any time soon.
How can you stop ransomware attacks from happening?
Stopping ransomware is a multi-tiered approach. The first step is to make sure that you keep all of your computers up to date with patches. This will help plug the holes that attackers can use to infect your computers.
The next step is to ensure that you have commercial grade anti-malware software installed on each computer on your network. Don’t use free anti-malware software as most don’t do real-time scanning. This is critical to help keep your systems secure.
Do not allow remote connections via remote desktop connections that do not go through a VPN. Require a VPN connection for all remote access. This will prevent attackers from simply going straight to your systems with brute force attacks.
Make sure you have spam filtering on your email. Many infections start with a phishing email. Spam filtering can help cut this number down.
Lastly, use strong passwords on all user accounts and set accounts to lock out after 3 incorrect password guesses. This will prevent brute force attacks on your computers.
Following these steps will go a long way into helping prevent a ransomware attack on your network.