Ransomware is a type of malicious cyberattack that has grown in notoriety and frequency in recent years. Like kidnapping, ransomware works by taking something valuable to an organization – such as data files – and holding it hostage until a ransom is paid.
Ransomware infiltrates an organization’s system by infecting someone’s computer with a virus, which is likely accomplished by tricking that person into clicking a link or downloading a file in a phishing email. These emails are disguised as a communication coming from a trustworthy entity, such as a well-known brand or an internet or energy supplier. Once someone clicks on the malicious link or attachment, the ransomware encrypts the computer’s hard drive and locks the person out of all files. A screen then appears threatening to destroy all files unless the ransom is paid.
The WannaCry ransomware attack in May 2017 is identified as one of the biggest cyberattacks the world has ever seen. In the first day of the attack, more than 200,000 computers in 150 countries were infected. The majority of the attacks targeted Russia, Ukraine and Taiwan, but U.K. hospitals, Chinese Universities and global corporations like FedEx were also attacked. This attack is “unprecedented in scale” and “sends a very clear message that all sectors are vulnerable” according to Rob Wainwright, director of Europol, the European Union’s law enforcement agency.
This attack had a significant impact on the NHS, the public body of the Department of Health that oversees the budget, planning and day-to-day operations of healthcare and hospitals in England. With NHS files held to ransom, hospitals across England were left to treat patients without vital patient care information. As a result, many hospitals were forced to divert patients from the emergency room and cancel scheduled surgeries.
The attack on NHS shows that every organization is at risk of ransomware, but most especially large healthcare organizations like payers. When a payer’s system goes down, providers could be left without the necessary health data to treat their patients. Cybercriminals know that payers are under immense pressure to get systems back up and running for just that reason – patients’ lives are at stake. Cybercriminals target payers knowing that it increases the likelihood of receiving a ransom payment.
The larger a payer is, the more vulnerable they are, too. Large organizations often have multiple systems running their data, so it may take longer to identify the source of an attack and shut it down.
Protecting data from a ransomware cyberattack must be a top priority for payers. Here is a quick checklist of steps to prevent ransomware for payers:
- Payers must select the most secure vendors by verifying that all vendors are compliant with both healthcare and payment regulations, including:
- HIPAA
- HITRUST
- AICPA
- When working with consumer payments like premiums, it’s important to make sure that their payments are protected with the best and latest in payment security technology, including:
- PCI-validated point-to-point encryption (P2PE)
- Tokenization
- EMV
- In the event of a breach, payers must be quick to apply patches as soon as any are made available to stop the progress of the attack.
- Finally, leveraging robust security software, including anti-virus, anti-malware, email filtering and firewalls, could mean the difference between keeping data safe and putting it in the hands of a cybercriminal.
Be sure to check the InstaMed blog at the beginning of every month for more on what payers can do to secure their organization with our new monthly Payer Security Focus series.