Ransomware: A Ticking Time Bomb for Health Care
By Cindy Elbert
President, Cindy Elbert Insurance Services, Inc
If you’re doing business online, you need cyber-insurance. This fact was never made truer than on May 12, 2017 when 50,000 businesses in at least 74 countries were hit by a ransomware attack code named “WannaCry”. Hackers demanded companies to pay a $300 ransom fee or their files would be published on the Internet. The data thieves targeted mostly hospitals and other medical facilities because their data not only included names, home addresses, addiction histories, financial information and religious affiliations but also disclosed patients’ mental health and medical diagnoses, HIV statuses and sexual assault and domestic violence reports. A gold mine of personal information for those with dark purposes.
Two days earlier, a data breach at the Bronx Lebanon Hospital Center in New York compromised the medical records of at least 7,000 people. According to NBC News, “Leaks from the Rsync servers, which transfer and synchronize files across systems, are common. How many more nude photos of patients or ultrasound images will be exposed because of misconfigured Rsync backups?”
On May 4, 2017, a group calling themselves TheDarkOverload uploaded almost 180,000 stolen patient/medical records from three companies onto the Internet because they refused to pay a ransom. The databases stolen were in the .csv format and contained health information about cardiac diagnoses and psychiatric conditions such as depression, along with date of birth and social security numbers.
Most ransomware attacks are led by organized criminal groups utilizing a network of computers infected with malware that then poisons other computers once a spam message is opened. An example of a spam malware would be emails falsely marked as being from a co-worker or friend asking a recipient to open an attached file. Or, an email might come from a trusted institution, like a bank or merchant, asking you to perform a specific task. In other instances, hackers will use scare tactics such as claiming that a victim’s computer has been used for illegal activities to bully victims. When the malware is executed, it encrypts files and demands a ransom to unlock them.
Imagine the nightmare scenario of medical teams out on the field relying on electronic devices such as tablets, laptops, smartphones and PDAs to access patient care records suddenly discovering that their data has been locked, captured by malicious malware., held for ransom with lives in the balance.
Companies need the protection cyber liability insurance offers now more than ever.
Why Your Company Needs Cyber Liability Insurance
- A single data breach could cost your company thousands of dollars, not to mention the hit to your reputation.
- Hackers can be halfway across the world—or at the desk next to you.
- An employee losing a company laptop or cell phone could result in a major security breach.
- The more personal information your company collects opens your exposure to the likelihood of a data breach attack.
- As of March 28, 2017, Internet providers can collect and sell your web browser history opening more opportunities for data to be stolen.
- The average forensic investigation runs $25,000 per server.
Cyberthreats By the Numbers
- Sixty percent of uninsured small businesses close their doors within six months following a cyber attack.
- According to the 2016 NetDiligence Cyber Claims study, Healthcare data breaches made up 19% of all breach sectors.
- The average cost for a breached healthcare company is $717,000.
- According to the Identity Theft Resource Center’s 2017 Data Breach report, almost 2 million records have been stolen so far this year, making up 22 percent of all breaches – and this is before the “WannaCry” ransomware attack.
- Forty-seven states mandate that your company take certain measures in the event of a security breach
Protect Your Company
Ransomware attacks and cyber theft will not be defeated any time soon. So now is the time to ask: How do you store sensitive information? How do you control access to sensitive information? Do you utilize a firewall and protection software? Do you allow employees and others remote access to your data bases? Do you have a written security policy? And, most importantly, do you have cyber liability insurance? Is it safe? If your company stores customer information, especially billing and medical data, then there is no question about it: You must protect yourself from the growing legion of cyber predators. You need cyber liability insurance.
About the Author
Cindy Elbert is President of Cindy Elbert Insurance Services, Inc. She is a licensed Property & Casualty Insurance broker/agent, and a proud member of the American Ambulance Association, California Ambulance Association, Arizona Ambulance Association, and The Independent Agents Association.
Cindy has been assisting ambulance providers with their insurance needs since 1982. She understands your questions and concerns and with her relationships with insurance underwriters she can provide you with coverage and service you deserve.
Visit the CEIS booth at the AAA Annual Conference & Trade Show!