“Why Do I Even Need Ransomware Protection?”
The idea of ransomware attacks may conjure images of hackers in movies, sitting behind their computers and typing away on their keyboards until they “access the mainframe.” In reality, ransomware attacks are commonplace in today’s business environment and can be triggered simply by clicking a malicious link.
Not only are attacks on the rise, but there remains an “‘exceptionally aggressive’ ransomware threat targeting healthcare,” according to the Department of Health and Human Services Cybersecurity Program.
As recently as March 2022, four healthcare providers were new victims of ransomware attacks that exposed the sensitive information of tens of thousands of patients. Most appealing to these hacking groups is the large amount of Protected Health Information (PHI) held by these healthcare providers, which can be sold for identity theft and other purposes.
Unfortunately, when discussing ransomware attacks, it is not an “if” but a “when.” The sooner you understand what an attack entails and how it may occur, the better prepared you can be to establish your ransomware protection and recovery plan.
What Exactly is Ransomware?
The US Cybersecurity and Infrastructure Security Agency aptly describes ransomware as “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable… actors then demand ransom in exchange for decryption.”
Recent cases of ransomware activity have increasingly seen actors requesting cryptocurrencies as a form of payment, and if not paid in full, they threaten to sell the information they’ve stolen.
Often, practices have no choice but to pay the ransom for the return of their files, even when the return of those sensitive files is not guaranteed. Not only do they have a moral obligation to protect their patients’ information; they are also legally obligated to do so under the Health Insurance Portability and Accountability Act (HIPAA).
Impact of a Ransomware Attack
Victims of a ransomware attack will find that the effects reach far beyond their wallets, impacting their business and customers across the board.
The most obvious impact of a ransomware attack is the cost of paying the ransom itself; beyond that, other costs will arise down the road:
- If you don’t already have a data recovery solution in place, you’ll certainly want to pay to implement one after an attack to protect against future data loss.
- If one computer is infected with ransomware, you’ll need to shut down your entire operation to detect, isolate, and clean the infected system. This means downtime and, subsequently, lost revenue for your business.
- If patient PHI was exposed in the breach, you can be in violation of HIPAA and liable for expensive fines, like the $750,000 one handed down to University of Washington Medicine in 2013.
A business publicly identified as susceptible to data breaches and data loss is not one that customers would want holding their information.
Even though they are the direct victims, businesses find that, post-attack, they have to take a defensive position against their customers and the public, explaining how and why the incident was able to occur.
Trust is important in any relationship, and losing that trust is often irreparable. As such, you want to avoid losing it at any cost.
What’s Your Next Step for Ransomware Protection?
After all that about ransomware, I’ll leave you with one last statistic: up to 90% of data loss can be attributed to human error. That means that what you’re doing on a daily basis can leave you most vulnerable.
Wouldn’t it be nice if there were a product that allowed you to continue working how you always have without fear of a ransomware attack?
Well, that’s where Central Data Storage comes in. CDS provides end-to-end encryption, user authentication, and role-based access controls to ensure that only authorized users can access PHI. For more information on how CDS can help your practice, sign up for a free trial (no credit card required), read our cybersecurity guide for healthcare, or contact us to learn more!