A recent article that ran in Information/Age asked tech experts for their cyber security predictions for 2020. Among the items discussed and predictions made was that after a drop in reported incidences of ransomware in 2018, in 2019 it was on the upswing again and is poised to re-emerge as a major threat in 2020, with healthcare organizations being among the most vulnerable.
Not only is malware becoming more sophisticated and difficult to detect, but many hospitals and healthcare organizations are in increased peril of being victimized due to having limited resources dedicated to maintaining cyber security protocols. In addition, because a prolonged disruption has the potential to endanger health and lives, healthcare organizations may be more apt to simply pay the ransom in order to minimize the risk to their patients and clients.
Just recently, Hackensack Meridian payed an undisclosed ransom amount in response to a cyberattack that had disrupted their network for at least a week. That same week, the Oahu Cancer Centre in Hawaii was also the victim of a ransomware attack. Separate ransomware attacks in both July and November of 2019 caused the Medicare system in Louisiana to temporarily shut down completely. And according to an article in Bekers Hospital Review, hospitals in Wyoming are hit with malware attacks almost daily. Earlier this past fall, the Ryuk ransomware attack affected three (3) hospitals in Ontario, Canada as well as three (3) in the state of Alabama and several in Australia, and there was also a breach affecting over 2000 patients at Red Deer, Alberta, Canada hospital that was found to have been perpetrated by 30 internal hospital employees.
In addition to hospitals, municipalities have also become major targets. So far in December of 2019 alone, 4 U.S. cities – Pensacola Florida, New Orleans Louisiana, Galt California, and St. Lucie Florida – have been victims of cyberattacks that significantly disrupted some or all government services. New Orleans declared a state of emergency and took all its employees computers offline on the weekend of December 14-15 and powered down servers as well as a precautionary measure. Roughly 4000 city computers were infected with ransomware, and the tab so far has reached $1 million plus and mounting. The cyberattack that the city of Pensacola suffered beginning December 7th crippled its computer system for several days and they have since hired a noted cyber security expert (at a cost of $140,000) to evaluate how the attack happened, the extent of the damage and what to do moving forward. All told in 2019, 103 federal, state, and municipal agencies in the U.S. were hit with ransomware demands.
With it comes to ransomware itself, some of it targets specific organizations that the perpetrators know or have reason to believe are vulnerable (and sometimes it’s perpetrated or assisted by employees on the inside), but often it is just spam sent out in bulk. After all, if even a tiny percentage (%) of recipients are fooled it’s worth the effort. Whether it’s payment data or sensitive personal information (or both) that is most vulnerable, it’s important that you have a security consultant on board that is a compatible fit in terms of organizations and personalities and that is proactive. Running breach simulations and staying up to date when it comes to security patches and the latest strains of malware that are out there is vital when it comes to keeping ahead of the curve.
To that end, the provincial government of Manitoba, Canada announced on December 18 that it was putting up $550,000 towards the cost of setting up a Cyber Security Technical Centre of Excellence, to be located in Winnipeg. Additional funding will come from the Manitoba Institute of Trades and Technology (MITT), industry, and other potential sources. The goal is to provide
a data centre for its students, instructors and industry trainers to allow for testing, simulating and applying solutions to real-life, cyber security challenges.
If you ARE a victim of a breach – whether it is internal or external – the potential fall-out can be significant, over and above any ransom demands that you agree to pay. There can be additional legal liabilities, not to mention the damage to reputation which can be difficult to ascertain in concrete dollars and cents. Increasingly, taking out a cybersecurity insurance policy is an option for which there appears to be growing demand. Currently, the size of the cyber-insurance market is estimated to stand in excess of $2.5 billion and this is expected to triple by the end of 2020.
If you don’t know where you stand with our security preparedness or want to test your existing defenses a good place to start is to retain a qualified security assessor to run a complete Security Gap Assessment. This process need not be lengthy or expensive, but it will however provide you with a 360 degree view of were you might be vulnerable, as well as recommendations for moving forward. In today’s cybersecurity climate, the old Boy Scout adage
Be prepared is more relevant than ever.
About Datatel and Secured Net Solutions
Organizations are in a continuous struggle to ensure that all necessary safeguards are in place to protect their valuable information from external and internal security threats alike. At Datatel, it is our goal to ensure that our clients are prepared to successfully navigate the ever-changing Cybersecurity and payment security landscape. In partnership with Secured Net Solutions we provide our customers with tailor made services and solutions that ensure that they will always be prepared for and able to respond to information security threats.
Our team’s depth of expertise and breadth of capability in advanced technology is founded upon real-world experience, combined with solid technical training and continuous skill development. Our philosophy and core business align directly with the critical components required to assist our clients in establishing a more secure infrastructure and overall security posture.
For information on how we can help you addressing your Cybersecurity and Payment Security needs contact us at:
Toll-Free: 800-831-6660 x 257 E-mail: [email protected]