As news of yet another ransomware attack on a health care organization broke recently, the health care industry needs to take notice and fortify its defenses and infrastructure: the cost of a breach in health care has gone up 42 percent since 2020. For the past dozen years, health care has had the highest average data breach cost of any industry, at $10.1M per breach, according to an IBM study.
The unprecedented rise of cyberattacks is due to a number of factors, including the increasing sophistication of hackers along with the growing number of devices connected to the internet. With more devices online, there are more opportunities for hackers to exploit vulnerabilities and gain access to sensitive data.
For threat actors, ransomware is a lucrative attack method, and critical infrastructure is a prime target. From oil pipelines completely shutting down for weeks at a time, to water companies finding out they are no longer insurable, and the decline of patient care and outcomes impacting the health care industry, the mounting costs of ransomware attacks are beyond alarming.
Most cybersecurity incidents are unsophisticated, opportunistic, and automated, taking advantage of easily fixed vulnerabilities. Even so, providers need to understand that there are also large and very sophisticated cybercrime syndicates, structured like legitimate corporations, with executives, shareholders, salaried staff, and advanced operations.
To defend against these criminals, educate staff, establish frequent and ongoing internal discussions about your state of cyber readiness and the actions being taken to address vulnerabilities, and hold attack simulations and exercises. That way, if an attack occurs, you are able to act quickly and according to a well-defined security triage process and plan.
What Are the Hidden Costs of a Ransomware Attack?
When considering ransomware attacks, many of us only consider the amount of the ransom payment, which is just a small fraction of the total cost of a successful attack. However, a ransomware attack can adversely impact a business in a variety of ways.
1. Lost Revenue
When ransomware strikes, the stark reality is, you're going to lose revenue. The loss may be a direct result of the attack because business continuity was upended with some of your systems rendered inaccessible by the malware. But it may also come from the ensuing fallout of becoming a victim of ransomware.
2. Ransomware Payments
Ransom payments, if paid, typically go into a cryptocurrency account, which can be very difficult to trace. While there have been some instances where businesses have been able to recover their data after paying the ransom, this is generally not a recommended approach. There is no guarantee that the attacker will actually provide the decryption key that enables data recovery, and if they do, the experience can be very costly and disruptive for the business.
In addition, by paying the ransom, businesses are effectively funding the attackers' future operations.
3. Post-Mortem Investigation
A ransomware attack can have significant business costs beyond the initial ransom payment. The victim company may need to hire forensic consultants to conduct a post-mortem investigation in order to determine how the attackers gained access to their systems and what data was encrypted. This can be a costly and time-consuming process, particularly if the attackers used sophisticated methods to cover their tracks. Most companies impacted by ransomware see downtime of anywhere from 2-4 weeks, and sometimes more.
4. Cyber Insurance Premium Increases
The most expensive cyber insurance is the coverage you are unable to obtain because the risk level within your business is too high to be insurable. If you do fall victim to a ransomware attack, your premiums are going to go up significantly.
And the cyber insurance market continues to see solid growth since its peak in the fourth quarter of 2021.
5. Technology Hardening
In the wake of a ransomware attack, it is essential to take steps to harden your technology infrastructure. This includes both implementing immediate changes during and after an attack and making long-term changes to prevent future attacks. Among the most important immediate changes is ensuring that all systems are patched and up to date.
Keep in mind that this involves more than simply putting together a vulnerability management plan. While it's true that you can often stay one step ahead of attackers by applying patches to vulnerable systems in a reasonable timeframe, a big part of your technology hardening plan should also include implementing a defense-in-depth strategy.
It is also important to conduct a review of all systems and security settings and make any necessary changes. All these steps, while critical, are going to cost your company money, so be prepared to evaluate investments in modernizing solutions and infrastructure.
6. Software Updates
If you haven't kept your software up to date, part of your ransomware remediation plan should include making those necessary changes.
While maintaining up-to-date software is a hallmark of a strong security policy, it still represents a financial burden. But as the adage goes, an ounce of prevention is worth a pound of cure. Keeping your systems up to date will reduce your risk of becoming a victim of a ransomware attack.
7. Legal Costs
Legal fees associated with recovering from a ransomware attack can set the business back years simply due to the sheer magnitude of the costs, with one company recently reporting $50 million in non-recurring legal expenses associated with an attack.
8. Reputational Damage
In ransomware attacks on critical infrastructure, reporting the attack is a requirement. Additionally, if the ransomware prevents you from providing services to or accepting payments from your customers, it is going to significantly damage your organization's reputation. Reputational damage can stem from negative press, regulatory enforcement actions, or service outages that affect clients. All of these forms of reputational damage can affect the way in which your company is perceived by both new and existing customers, potentially hurting your customer renewal rates as well as new customer acquisitions.
Recovering from the reputational damage of a major cyber incident can be a costly endeavor, requiring swift and positive press coverage, new ad campaigns, monetary commitments to customers, and, potentially, even an entire company rebrand, depending on the severity of the incident. All these initiatives will require additional funds that were likely not accounted for in original budgets, as well as months or years to rebuild public trust.
What Should I Be Doing Now?
Defending against ransomware is no easy task. But there are a few things that every organization should be doing to reduce risk. One of the main focuses should be around employee awareness training, since most cyber incidents involve human error.
From an information technology perspective, the following should be viewed as table-stakes security policy:
- Mandating multi-factor authentication. It just takes a minute to set up, and this should be used throughout the organization and across assets.
- Aggressively managing access. Adopting a "least privilege" approach can help safeguard sensitive systems and information.
- Blocking known threats. Any access into or out of your infrastructure (firewalls, devices, systems, and applications) should be locked down.
- Actively monitoring for suspicious activities. Bad actors are scanning for open ports and looking for ways to get in, so active monitoring is essential.
- Implementing all required security software. If you don't know what's required, ask an expert.
- Immediately remediating known vulnerabilities. A robust vulnerability management program includes automated patch management and ongoing monitoring.
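The "actively monitoring" item above says attackers are scanning for open ports. The following is an added example of what that monitoring can look like in practice; it is not code from the article or from Defensible Technology. It assumes a simple firewall deny-log format (timestamp, source, destination, destination port, protocol), and the sample lines, the 60-second window and the 10-port threshold are all constructed for the demonstration. A source that reaches many distinct ports within a short window is flagged, while a slow sweep or an ordinary user touching a few services is not.

```python
"""Flag port-scan-like behaviour in firewall deny logs.

Added illustration for the monitoring item in the checklist; not code
from the article or from Defensible Technology. Log format, field names,
window and threshold are assumptions chosen for the demo.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line format:
# "<ISO timestamp> DENY src=<ip> dst=<ip> dport=<port> proto=<proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) DENY src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one deny-log line; return None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
    }


def find_port_scanners(log_text, window_seconds=60, min_ports=10):
    """Return {source_ip: max distinct ports seen within one window}
    for every source that reached at least min_ports distinct
    destination ports inside a window_seconds sliding window."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    window = timedelta(seconds=window_seconds)
    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        best = 0
        # Slide the window start over each event for this source.
        for i, start in enumerate(evs):
            ports = set()
            for e in evs[i:]:
                if e["ts"] - start["ts"] > window:
                    break
                ports.add(e["dport"])
            best = max(best, len(ports))
        if best >= min_ports:
            findings[src] = best
    return findings


def _line(ts, src, dport):
    # Helper to build constructed sample lines in the assumed format.
    return f"{ts} DENY src={src} dst=192.0.2.10 dport={dport} proto=tcp"


COMMON_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]

# Constructed sample log (documentation IP ranges, no real hosts).
SAMPLE_LOG = "\n".join(
    # fast sweep: 12 ports in 12 seconds from one source -> flagged
    [_line(f"2024-03-01T10:00:{s:02d}", "203.0.113.7", p)
     for s, p in enumerate(COMMON_PORTS)]
    # slow sweep: same ports, one every 5 minutes -> outside a 60 s window
    + [_line(f"2024-03-01T10:{5 * i:02d}:00", "203.0.113.9", p)
       for i, p in enumerate(COMMON_PORTS)]
    # ordinary user reaching three services -> below threshold
    + [_line("2024-03-01T10:01:00", "198.51.100.5", 443),
       _line("2024-03-01T10:02:00", "198.51.100.5", 80),
       _line("2024-03-01T10:03:00", "198.51.100.5", 22)]
    # a line that does not fit the format is skipped, not fatal
    + ["2024-03-01T10:04:00 AUDIT config reload"]
)

if __name__ == "__main__":
    for src, n in find_port_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {n} distinct ports in 60s")
```

Widening the window (for example to an hour) makes the slow sweep show up too; the trade-off is more alerts on legitimate scanners such as your own vulnerability-management tooling, which is why those sources are normally allow-listed before the rule goes into a SIEM.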
Kent Shanklin has spent over 30 years as a technology professional and is chief revenue officer at Defensible Technology. Shanklin can be reached at kshanklin@defensible.tech.