The CISA, FBI and HHS have issued a warning advisory regarding an imminent threat of ransomware targeting hospitals and health care providers. They have credible information to suggest that there will be a widespread Ryuk ransomware attack this weekend. The threat actors are claiming that they are targeting 400 health care organizations. Based on what is known about Ryuk, it is possible that the targeted health care entities may already have the encryption malware on their systems, but the threat actors have not commanded it to activate. KrebsOnSecurity reported that several hospitals had already experienced ransomware attacks earlier this week and CNN released this article today noting that some hospitals have already been affected.
Analysis of 2019 cyber claims data indicates increase in phishing attacks
WisMed Assure’s partner insurance carrier Tokio Marine HCC published a 2020 Cyber Digest: Analysis of 2019 Cyber Claims Data. The following excerpts are particularly relevant to physician’s offices, and other health care-related facilities:
If there was a theme for 2019 cyber claims, it would be the growth of phishing* attacks on small to mid-size businesses. Ransomware and ﬁnancial fraud claims were up across the board vs 2018 and, largely, initiated through phishing attacks. Though the larger cyber incidents at Facebook, Citrix, and Capital One grab the headlines, the rampant attacks on small and mid-sized businesses are devastating as most SMBs don't have sufficient resources to prepare nor defend themselves. A recent Fundera study reports that “3 out of 4 small businesses don’t have the personnel to address IT security.”
While the cybercriminals continue to increase the frequency and sophistication of their attacks, business owners are also becoming more knowledgeable and prepared to defend themselves and their organizations. While cyber insurance is one effective means of mitigating risk, there are new tools, processes and technologies that small businesses can employ to protect themselves.
For best practices to ﬁght cybercrime, download the Tokio Marine HCC Ransomware & BEC Fact Sheet.
For more information about Cyber Liability Insurance solutions, please click here. For additional information about this 2019 Cyber Claims Digest please click here.
*Phishing is a technique used to gain access to your company email so criminals can impersonate a coworker, manager or other trusted business partner to steal sensitive data and money.
Back to top