You may have read recently that the number of instances of ransomware has declined. While the overall count of malicious and damaging infections may be waning, the impact of an attack is certainly not. Case in point: the BlackCat attack on Change Healthcare. The attack on February 21st has had a major and ongoing impact on healthcare providers, pharmacies, and hospitals around the country as pharmacies have been unable to process prescriptions and payments. As of March 4th, Change Healthcare still recovering from the attack and reportedly paid $22 million to get a decryptor and get its data deleted; however, based on a current post at Databreaches.Net, a copy of the stolen data is still in the hands of the “affiliate” (another hacker) who did not receive their share of the payment. This poses a threat of re-disclosure and since the data is mostly that of third-party organizations, this is just the tip of the incident nightmare. It would not be unreasonable for multiple regulators to start audits, for a class action lawsuit to be launched, and for additional discovery of damages to the data to be found. In fact, the U.S. Department of Health and Human Services (HHS) released a statement March 5, 2024 regarding the cyberattack on Change Healthcare, and the statement ended with a call to action: “HHS also takes this opportunity to encourage all providers, technology vendors, and members of the health care ecosystem to double down on cybersecurity, with urgency. The system and the American people can ill afford further disruptions in care.”
While no cybersecurity program is perfect, there are many steps you can employ to assess, detect, and respond to a possible malicious incursion. They include:
- Implementing a process to perform full and accurate information security risk assessments regularly (at least annually), inclusive of all third- and fourth-party organizations that reasonably access organization data.
- Ensuring that a comprehensive information security incident response plan is documented, reviewed, and tested annually.
- Implementing technologies that automatically monitor, audit, alert, and report on internal and external network traffic, user activity, and security-related events such as software installations, administrative access requests, internet downloads, etc.
- Implementing multi-factor authentication (MFA).
- Enforcing encryption technologies everywhere possible including but not limited to data storage (mobile devices, BYOD, cellphones, computers, servers, etc.) and data in transit (email use, remote work, etc.).
- Implementing a security awareness training program that includes regularly required training for all staff and Management, with an emphasis on social engineering and phishing awareness.
Every industry is at risk, and now is the time to act. FoxPointe’s team of cybersecurity professionals are ready, today, to start you on a path to cybersecurity resilience and assurance. Reach out to our team by contacting Brandon Agostinelli (bagostinelli@foxpointesolutions.com) today for an initial no-cost conversation about where we can help.