By November of 2021, hacking group "Karakurt" had already launched cyberattacks against 16 different healthcare providers. Suspected of being linked to the Conti ransomware group, Karakurt allegedly targeted an assisted living facility, a dental practice, a healthcare provider, and a hospital, among other providers within the healthcare industry.
According to Accenture, the threat group is financially motivated and opportunistic in nature, targeting smaller companies and corporate subsidiaries rather than larger ones.
An alert from the Department of Health and Human Services Cybersecurity Coordination Center (HC3) notes that Karakurt actors claim to steal data and then threaten to auction it off or release it to the public unless they receive payment of the demanded ransom, which has been known to range from $25,000 to $13,000,000 in Bitcoin, with payment deadlines typically set to expire within a week of first contact with the victim.
Why are senior living facilities a target for cybercriminals?
Health care reforms have led to a shift toward adopting electronic reporting and cloud-based storage of information, which has increased the risks of exposing sensitive data. Hackers also know that they can fetch a higher price on the black market for personal health info compared to something like credit card data.
Not only this, but the health care industry has been notoriously slow to adopt new technology protection measures, leading to critical vulnerabilities in the security of patient data and other sensitive information. This means that there is significantly more risk from malicious actors who are looking to gain access to this information or use it for financial gain. Unfortunately, many health care organizations lack the resources needed to properly secure their systems, leaving them vulnerable to attack. This lack of resources is further compounded by the fact that many health care organizations have been reluctant to invest in new security measures, feeling they are too expensive or too complex. As a result, these organizations remain at risk of data breaches and other malicious attacks. It is thus essential for health care companies to invest in the appropriate security measures to ensure their data and other sensitive information is kept secure.
The impact of a cyberattack against senior living communities
According to a recent report issued by Coveware, the average ransomware payment in Q2 of 2022 was over $228k. Ransom payments for cyberattacks may not be as costly as businesses fear, but the indirect costs of business interruptions can be much greater.
The average length of interruption after ransomware attacks on businesses and organizations in the United States is 20 days. Downtime is the most expensive aspect of a ransomware attack. The effort to recover from a ransomware attack is typically ten times the size of the ransom payment. IBM's Cost of a Data Breach Report indicates that the average total cost of a data breach is 4.35 million USD.
Critical life-supporting devices and electronic medical record systems could become inaccessible in a senior living environment post cyberattack, raising risks exponentially. The initial financial threat of a cyberattack can quickly escalate to the inability to care for the residents effectively.
How can senior living facilities and health care providers best protect their data?
In order to prevent and mitigate such attacks, there are various measures that can be taken by both senior living facilities as well as health care providers.
It is important for senior living facilities and health care providers to ensure their IT infrastructure is secure by taking necessary steps such as updating software, monitoring system logs and installing security patches. They should also make sure that employees are aware of the potential risks associated with ransomware attacks and provide regular training on cybersecurity best practices. Additionally, it is important to have a backup plan in place so that data can be restored in case of an attack.
Organizations should also take steps to strengthen their network security by restricting access to sensitive information and using appropriate authentication methods, such as multi-factor authentication (MFA). Furthermore, they should install firewalls and use up-to-date antivirus software with real-time scanning enabled.
In addition, senior living facilities and health care providers should be wary of phishing emails and other malicious messages that could contain ransomware. They should also have a policy in place to avoid paying a ransom demand if infected by ransomware, as this could encourage attackers and result in more attacks.
Who you partner with matters
Digital Boardwalk, a mature managed service provider (MSP), takes a multi-layered approach to cybersecurity, which includes looking at the standards outlined in regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the National Institute of Standards and Technology (NIST). We consider the guidelines and standards of each to ensure that the cybersecurity policies we implement are compliant and secure.
We offer network management, cloud security and friendly, dedicated 24/7 support to secure and protect your long-term care and assisted living facilities’ network and data. To learn more about our exceptional IT services for senior living, schedule a free consultation and contact us today.