The U.S. and other nations worldwide have pledged to combat ransomware and promote proper cyber hygiene. President Biden met virtually with other world leaders on October 13 and 14 to address the growing problems caused by ransomware attacks.
Attacks against important infrastructure and healthcare organizations have increased dramatically over the past few years. The government believes that collaboration and a strong response are key to blocking data breaches and encouraging solid cybersecurity practices. Employing strong cybersecurity measures, including email security that guarantees HIPAA compliant email for covered entities, is the surest way to stop ransomware attacks.
A ransomware epidemic
Ransomware is malware (or malicious software) used to deny a victim access to a system until a ransom is paid. Victims typically download malware through phishing emails that include malicious attachments or fraudulent links, something made easier by the COVID-19 pandemic as threat actors take advantage of worried, stressed, and tired employees. Email is the most accessible threat vector (or entry point) into any system. A simple click can give a hacker access to data for ransom.
Such cyberattacks have disrupted so much that some describe the current onslaught as a ransomware epidemic. Ransomware attacks can halt an organization’s operations and cause a ripple effect of problems. As stated in the White House press release for the October meetings,
From malign operations against local health providers that endanger patient care, to those directed at businesses that limit their ability to provide fuel, groceries, or other goods to the public, ransomware poses a significant risk to critical infrastructure, essential services, public safety, consumer protection and privacy, and economic prosperity.
Healthcare and ransomware
In 2020, ransomware-related breaches accounted for almost 50% of healthcare cyberattacks. Attacks against healthcare providers have increased 600% due to COVID-19. Healthcare providers are juicy ransomware targets because, among other reasons, hospitals can’t fully operate and treat patients without access to technology or protected health information (PHI). And unfortunately, a disruption of critical services is just one of several reasons that covered entities are more likely to pay a ransom.
When confronted with a breach, healthcare providers may face unrecoverable PHI, service interruptions, HIPAA violations, upset patients, and possibly patients’ deaths.
Government response and intervention
Sadly, the aftermath of a ransomware attack can be difficult for many organizations to resolve. This is why the U.S. government has ramped up its involvement in ransomware attacks. In fact, the U.S. government elevated the threat level of ransomware, giving it a priority similar to that of terrorism to ensure centralized, coordinated investigation and mitigation. And in the summer, President Biden signed an executive order and wrote a National Security Memorandum to announce action to protect critical infrastructure. Recently, representatives of over 30 nations met to discuss the growing threat:
Australia | Brazil | Bulgaria | Canada |
Czech Republic | Dominican Republic | Estonia | European Union |
France | Germany | India | Israel |
Italy | Japan | Kenya | Lithuania |
Mexico | Netherlands | New Zealand | Nigeria |
Poland | Republic of Korea | Romania | Singapore |
South Africa | Sweden | Switzerland | Ukraine |
United Arab Emirates | United Kingdom | United States |
National Security Advisor Jake Sullivan was quoted saying that those invited “recognize the urgency of the ransomware threat.” Countries known for hosting nation-state threat actors, like Russia and China, were left off the list. The approach of the collaboration was three-fold: improve network resilience, address financial mechanisms, and disrupt the ransomware ecosystem. As stated in the press release, “A nation’s ability to effectively prevent, detect, mitigate and respond to threats from ransomware will depend, in part, on the capacity, cooperation, and resilience of global partners, the private sector, civil society, and the general public.” Accordingly, the entire process will take a concerted effort to block ransomware operations through diplomatic efforts.
Cybersecurity best practices
No actual mitigation strategies were provided at this stage. But several U.S. security agencies have recently released guidance on safeguarding personally identifiable information (PII) and PHI. These include the Cybersecurity and Infrastructure Security Agency, National Institute of Standards and Technology, and Cloud Security Alliance.
The U.S. Health and Human Services Office for Civil Rights recently shared some of these guides as resources for healthcare providers. In general, a strong cybersecurity program must include layers of:
- Employee awareness training
- Up-to-date and consistent policies and procedures
- Strong technical and physical access controls
- Patched and updated systems and devices
- Clear recovery and backup plans
Basic cyber hygiene measures include multi-factor authentication, strong passwords, antivirus software, and, given the nature of ransomware attacks, email security.
Paubox Email Suite Plus
Paubox Email Suite Plus, our HITRUST CSF certified solution, protects email from inbound and outbound threats.
It offers strong inbound security features that stop threats like phishing, ransomware, spam, display name spoofing, and more. Our solution also offers a new, patent-pending security feature, Zero Trust Email, which insists on another layer of verification before any email is delivered. It can be used from any existing email platform, such as Microsoft 365 and Google Workspace, and requires no change in email behavior. In a recent statement, President Biden said,
We must lock our digital doors . . . and we must build technology securely by design, enabling consumers to understand the risks in the technologies they buy. Because people—from those who build technology to those who deploy technology—are at the heart of our success.