REvil, NetWalker, and Conti ransomware hackers recently shared stolen protected health information (PHI) from three separate healthcare cyberattacks on the dark web. They didn’t release the entire data collection because they are conducting a double extortion attack. This initial data leak is a strategy to get victims to comply with their demands. By releasing part of the data, the criminals hope to force victims to pay a ransom to prevent further data leaks or stop data from being put up for auction. If the victims do pay, the criminals say they will return the data. But victims run the risk of the hackers not returning all of it or asking for even more money.
What happened?
Three different ransomware attacks caused massive data breaches for healthcare providers. Hackers have released some of the stolen information to the dark web to extort victims for money.
Beacon Health Solutions: REvil published 600 GB of this healthcare business associate’s sensitive information. The hackers have scheduled ten more leaks, each with 60 GB of data, possibly including Social Security numbers, bank documents, and other personal details.
Wilmington Surgical Associates: NetWalker claims to have stolen more than 13 GB of data from the North Carolina specialist, including thousands of documents containing sensitive information. They haven’t released the data but did post file names as proof they have it.
Riverside Community Care: The hackers behind Conti ransomware posted sensitive files of drivers’ licenses, incident reports, and employee information from the Massachusetts provider.
One of the most significant consequences of having your network compromised is the inability to run your day-to-day healthcare operations. You can remedy this by having a business continuity plan in place. But what you can’t prevent is cybercriminals releasing data to the dark web after it is taken.
Hackers commonly encrypt stolen data and only decrypt it in exchange for money. If they want to ensure they get paid, they use the double extortion method. Double extortion involves threatening to release data on the dark web if the victim does not pay a ransom. However, paying a ransom is risky because hackers may turn around and ask for more money or not meet their end of the deal.
It’s a lose-lose situation for healthcare providers that might already be facing a HIPAA violation for the data breach. They may have to pay a massive fine with a potentially costly corrective action plan.
How ransomware gets into your system
Ransomware attacks most commonly find their way into a network system from one of three entry points:
While patching vulnerabilities and routine monitoring can protect your IT system, human error may end up being your most prominent threat for a ransomware attack.
Hackers have taken advantage of the panic surrounding the pandemic and have increased ransomware phishing email attacks. A simple click is all they need to enter your network and launch a double extortion attack.
How to avoid double extortion attacks
The best way to avoid double extortion attacks is to build strong safeguards that prevent hackers from entering your network in the first place. First, educate your employees on phishing. Employee training on HIPAA compliance and the need for constant vigilance against cyberattacks makes a huge difference.
Second, take the guesswork away from your employees as much as possible. In addition to enabling you to send HIPAA compliant email by default, Paubox Email Suite Plus provides robust inbound security tools to stop email threats from reaching a user’s inbox and protects you from receiving spam, viruses, ransomware, and phishing emails.
Paubox blocks threats before they become a huge problem for your network system. Investing in a strong security system is much cheaper than paying a cybercriminal’s ransom or HIPAA fines.