Ransomware attacks are one of the most common cybersecurity problems in healthcare. Covered entities face an average of 109 attack attempts per organization per week. Cybercriminals invest heavily in attacking healthcare networks because the sensitivity of the data makes financial extortion likely to succeed. In practice this means they are constantly probing security controls and looking for new vulnerabilities, and refining their tactics to make sure victims pay. In the past year a new tactic has emerged from ransomware groups: triple extortion attacks.
A brief history of extortion attacks
Looking at the past shows how cybercriminals continue to evolve their attacks as technology develops. A basic ransomware attack infiltrates a network and encrypts data, rendering it unusable. The cybercriminals will only decrypt the data if the victim pays a ransom. In response, organizations learned to implement data backups as part of their business continuity plans. Backup servers hold a copy of the company's data, which makes it far easier to recover and restore the network without paying.
Cybercriminals became aware that encryption alone was no longer always enough to force payment. They needed a second form of leverage, and soon developed the double extortion attack. Before encrypting a network, the attackers now make a copy of the data. They then threaten to publish it or to sell the protected health information (PHI) on the black market. If the victim pays the ransom, the attackers promise not to release the information. Double extortion gives cybercriminals far more assurance that their victims will pay, because the threat no longer depends on the victim being unable to recover. Even if a covered entity has backups and can restore its network, it still faces the risk of its PHI being published or sold.
What is a triple extortion attack?
The triple extortion attack is an extension of the double extortion attack. While the exact tactic varies, the attackers go beyond the organization and target its patients or affiliates directly, either demanding a ransom from them or using them to pressure the original victim to pay. The first widely reported triple extortion attack came to light in October 2020. Vastaamo, a Finnish psychotherapy clinic, had patient data stolen in a ransomware attack. The cybercriminals then contacted patients directly and demanded payment, threatening to publish their therapy session notes.
A triple extortion attack may also be designed to harass the victim or its associates. Cybercriminals have launched DDoS attacks against victims and made phone calls to the victim's business partners and to the media. One report describes "print bombing," where the attackers take over the organization's printers and repeatedly print their ransom note. None of this earns the cybercriminals any money directly, but it increases the pressure on victims to pay sooner rather than later.
What can healthcare providers do to protect themselves?
Email is the most common method cybercriminals use to gain an initial foothold in a network. Over half of all malware infection attempts in 2020 were delivered via email. Covered entities need to send HIPAA compliant email, of course, but they also need a robust inbound email security system that blocks spam, viruses, malware, and phishing attacks. Keep in mind that inbound email filtering reduces the chance of that initial compromise; it does not by itself blunt a double or triple extortion demand once data has been stolen, which is why the tested backups discussed above, and controls that limit what an intruder can reach and copy, still matter. Paubox Email Suite Plus protects your healthcare organization's inboxes. Our HITRUST CSF certified software automatically encrypts all outbound email and blocks inbound malicious emails before they reach a person's inbox. Paubox is dedicated to protecting you from email security threats, which is why we recently launched Zero Trust Email. It adds a layer of authentication to your emails and helps ensure that the emails you receive are genuine. You can rest assured that Paubox will always stay committed to protecting your emails from unauthorized access.