Throughout 2019, cyberattacks continued to be of primary concern to business leaders in all sectors. Increased sophistication of cyber criminals, a growing base of connected devices (aka, “the attack surface”), and human vulnerability all contribute to a business environment rife with a cybersecurity risk that continues to be exploited by criminal actors. According to the FBI’s 2019 Internet Crime Report, cybercrimes accounted for over $3.5 billion dollars in total losses.
One of the leading cybercrimes is ransomware which is a malware used to encrypt data and demand money in return for the decryption key. The average ransom demand doubled in 2019, from $42K to $84K (Coveware). Now criminals using the latest strands of ransomware called Maze and DoppelPaymer are also exporting a copy of the data before encrypting the on-premises copy. This is a concerning development. Why? With a copy of the stolen data, criminals threaten to publish the exported data unless a ransom is paid. This technique significantly increases the pressure to pay the ransom (particularly for those with sensitive client data). It also nullifies the benefit of backups because even with the necessary backups the victim must pay the ransom to prevent publication of its data.
As a healthcare professional, you hold sensitive information inclusive of names, addresses, dates of birth, social security numbers, and insurance information that is significant in value. Having a medical record on the darknet, the internet exchange for cyber criminals, pays triple the cost of any other record. Incentivized to earn more, criminals can’t resist targeting healthcare providers.
With the recent pandemic, many are working from home and using personal devices for telehealth or basic administrative work, which leaves networks vulnerable to threats. Hackers have moved away from the high-volume ransom demands and set out to target attacks, where payout can be much higher. Six out of 10 ransomware attacks take advantage of compromised remote desktop credentials to execute an attack. Trojans like Trikbot, and email phishing attacks, compromise credentials; therefore, implementing two factor authentication (2FA) on remote access is a crucial control.
Fortunately, there are several ways to protect yourself and your practice:
- Next-generation cloud enabled endpoint protection is effective against network ransomware variants, such as CrowdStrike and Coveware
- Two factor authentication (2FA) on all remote access to your network
- Disable unnecessary remote desktop gateways
- Segregated off-site/backups. Likelihood of paying a ransom is dramatically reduced if we have an intact backup to recover.
- Spam filtering and email configuration. Need to block more phishing attacks.
- Employee phishing training and simulations. Awareness is improving, but still has a long way to go.
Cyber criminals continue to increase the frequency and sophistication of their attacks. As we cannot predict the course of events nor the impact of COVID-19 with the work-from-home workforce growing, thorough and proactive preparation is important.
While cyber insurance is one effective means of mitigating risk, there are new tools, processes and technologies that practices can employ to protect themselves.
For best practices to fight cybercrime, download this Cyber Risk Guide 2020.
Cyber Liability Coverage and Resources from LAMMICO
LAMMICO includes $10,000 of MEDEFENSE® Plus/Cyber Liability coverage in most provider policies at no additional charge to the insured. We also offer the option to purchase higher limits of protection through our subsidiary agency, Elatas Risk Partners, subject to underwriting which will include questions that hone in on two factor authentication and backup processes and procedures. Please contact Carly Thames, Elatas Account Executive, at firstname.lastname@example.org or 225.906.2062 for information on purchasing higher limits of Cyber Liability insurance.
In partnership with our cyber risk experts, Tokio Marine HCC – Cyber & Professional Lines Group, LAMMICO offers our insureds complimentary access to TMHCC CyberNET®, the most advanced cyber risk management solutions inclusive of incident response plans, compliance and training materials as well as information addressing latest trends in data breaches and cybercrime, including those concerns surrounding COVID-19.
Registered lammico.com Members are encouraged to log in and access the NAS CyberNET® portal through LAMMICO Practice Solutions.
For more information about minimizing cyber security threats, please contact the LAMMICO Risk Management and Patient Safety Department at 504.841.5211.