DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website does not, and is not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.
The HHS 405(d) Program is a collaborative effort between The Health Sector Coordinating Council (an organization representing the primary healthcare subsectors of direct patient care; public health; health plans and payers; pharma, blood and labs; medical technology; health information technology; and funeral homes and mass fatality managers) and the federal government to align healthcare industry security practices.
The 405(d) Task Group developed Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, its first official Task Group product and publication. Health Industry Cybersecurity Practices are given the acronym HICP.
The Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients document has identified the top five cybersecurity threats facing the healthcare sector.
Threat #2 for the year 2023 is ransomware.
What is Ransomware?
The HHS Ransomware Factsheet defines ransomware as follows: “Ransomware is a type of malware (malicious software) distinct from other malware; its defining characteristic is that it attempts to deny access to a user’s data, usually by encrypting the data with a key known only to the attacker who deployed the malware, until a ransom is paid. After the user’s data is encrypted, the ransomware directs the user to pay the ransom to the attacker (usually in a cryptocurrency, such as Bitcoin) to receive a decryption key.”
Over time, ransomware attacks have evolved to include targeted attacks. These attacks are adapted for specific groups or organizations to make them more effective. Once attackers access a network, they use ransomware to restrict access to devices and data until ransom is paid.
Generally, these attacks are “human-operated.” This means that an actor directs the deployment of ransomware once they have initially compromised the network. Commonly, attackers first leverage social engineering to get access to credentials. Then, they use those credentials to access the network and deploy ransomware.
Ransomware threats can use tactics that start as one kind of threat, and then provide opportunities to attack your system. For example, a successful phishing attack can lead to the installation of ransomware.
Ransomware often begins undetectably, by running in the background. This stealth running allows attackers to monitor a user and develop an infiltration plan. When the hackers are ready to launch their attack, the victim is surprised, unprepared, and defenseless. Using these tactics, some ransomware attackers have even stolen data before encrypting the data on the systems.
Ransomware can put victims in a no-win scenario. If a victim refuses to pay the ransom, the attacker can threaten to release the information publicly or sell it to other third parties. On the other hand, if a victim chooses to pay (e.g., pay for the key to decrypt the files), there is no guarantee that the attacker will decrypt or unlock the stolen or locked data, even if the attacker guarantees that these measures will work.
Some attackers are quite attuned to the victim's financial circumstances, and even tailor the size of the ransom based on the ability of the victim to pay. Some attackers review a victim's cyber insurance policy (which they have hacked into, of course), and have set the ransom amount to equal the coverage limits.
Ransomware attacks can have serious financial consequences. This is especially so for small healthcare organizations, which have had to permanently close due to an inability to pay (or because making payment exhausted their finances).
One critical strategy to limit the effects of a ransomware attack is to back up files. This way, if attackers delete files, backups can be deployed to keep a practice running.