A ransomware attack might cost you a lot more than lost productivity. Harvard Pilgrim Health Care and its parent company, Point32Health, are facing multiple class action lawsuits after hackers gained access to the protected health information (PHI) of more than 2.5 million individuals in an April 2023 ransomware attack.
The stolen PHI included names, addresses, phone number, birthdates, health insurance account information, social security numbers, provider taxpayer ID numbers, and patient clinical information. Those affected by the data breach have been offered free credit monitoring and identity theft services for 2 years. However, since the initial intrusion back in April, Point32Health is still continuing to work to get their IT systems back online.
Health care and health insurance companies have become more of a target for ransomware attacks over recent years. Medical record information is also often more valuable to cyber criminals than stolen credit card information. Unlike credit card numbers that can be canceled and ultimately replaced, sensitive and personal health information can be used over and over again against victims.
Today, Point32Health is facing at least 4 lawsuits in response to the attack that claim the health insurer (the second largest in Massachusetts) failed to implement reasonable cybersecurity measures to ensure the confidentiality of members’ information. The financial repercussions of these attacks will likely not be fully realized for years to come.
So how can your business avoid the cost of ransomware attacks like these?
Tip #1 - Maintain backups regularly and thoughtfully
The MS-ISAC (Multi-State Information Sharing and Analysis Center) recommends that backing up important data is the single most effective way of recovering from a ransomware attack. All business critical data should be backed up to an external hard drive or cloud server in order to mitigate risk.
Wright Technology Group offers industry-leading Data Backup and Recovery Services.
Tip #2 - Keep all systems and software updated
Cyber criminals are constantly working to find weaknesses in software and systems used by businesses. They can use these weak spots as an easy way into the target’s system where they are able to enact the attack. Keeping all of your software and systems up-to-date can help close these security gaps.
Tip #3 - Only use known download sources
This may seem obvious, but is always worth repeating. To minimize risk of downloading ransomware, never download software or media files from unknown or unverified sites. Also, avoid using unknown USB sticks and never open suspicious email attachments, as each unknown presents a potential risk to your system.
Tip #4 - Use EDR tools to enhance endpoint security
Ensure your systems are configured with security in mind. EDR (endpoint detection and response) tools are technology platforms designed to help protect each endpoint connected to your network (i.e., laptops, smartphones, printers and more) by detecting and investigating threats.
Tip #5 - Raise employee awareness
End-users and employees are the most common gateway for cyber attacks. Routinely provide your team with security awareness training so they're better equipped to recognize phishing and social engineering tactics. Most cybersecurity IT professionals should offer employee training as part of their service.
"It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it" - Stephane Nappo
In the end, taking precautionary steps to protect your business and your most valuable data assets can make all the difference in the event of a cybersecurity attack. Proper preparation can save you time, money, and productivity.