All HIPAA compliant businesses need a disaster recovery plan in place to ensure they can quickly recover from – and survive – a data disaster at the office.
A disaster recovery plan checklist is a simple yet incredibly useful tool to ensure you’ve got all bases covered – but does yours protect against the increasing threat of malware?
Cybercriminals Targeting Healthcare Industry During COVID-19 Pandemic
The COVID-19 pandemic continues to hold the entire world hostage – and hackers are using it as an opportunity to launch attacks against healthcare providers who are at the forefront of the struggle.
Cyberattacks against US healthcare organizations have been making the headlines since the outbreak began.
Ransomware attacks delivered via fake coronavirus-themed phishing emails are one of the biggest threats.
Such emails are often “dressed up” to appear as if they come from inside the organization and contain information or instructions on what workers should do with regard to various policies and procedures surrounding the outbreak.
Alternatively, hackers sometimes impersonate a medical institution like the World Health Organization (WHO) or the US Centers for Disease Control (CDC).
Messages are designed to trick recipients into opening a malicious attachment containing malware.
In its Q1 2020 Top-Clicked Phishing Report, security researchers at KnowBe4 revealed a 600% rise in the number of phishing emails worldwide that used coronavirus-related themes to target individuals and businesses, and such emails remained frequent in Q2 2020.
“It’s no surprise that phishers and scammers are using the avalanche of new information and events involving the global coronavirus pandemic as a way to successfully phish more victims,” said Stu Sjouwerman, CEO, KnowBe4.
“These phishing scams are becoming more aggressive and more targeted as this pandemic continues. Everyone should remain very skeptical of any email related to COVID-19 coming into their inbox.”
In March 2020, for example, a ransomware attack on the Champaign-Urbana Public Health District in central Illinois disabled its main website and cut off employees from medical files.
“Our website was pretty much down for three entire days and it was the primary mode of communicating with the public about COVID-19,” Deputy Administrator Awais Vaid said.
“The only good thing was that just a few months before, we had put our electronic medical records and our email on the cloud, so they were not affected.”
This was a smart move – and one to add to your disaster recovery plan checklist.
HIPAA compliant cloud backup keeps copies of your files stored securely offsite in a remote location, which means that those files are always recoverable should your primary storage be compromised.
Ransomware Demands on the Rise
The Coveware Quarterly Ransomware Report reveals the growing scope of the ransomware threat landscape.
Low-cost or free DIY Ransomware-as-a-Service (RaaS) kits are increasingly available on the dark web, making the barrier to entry into cybercriminal activity extremely low.
As Coveware puts it: “Deep technical expertise is no longer needed to participate in the cybercrime economy.”
It adds that, “It is also possible the increase of RaaS usage is related to the economic impact of the Coronavirus pandemic, driving more financially stressed individuals towards cybercrime.”
In Q2 2020, the average ransom payment rose 60% to $178,254 over the $111,605 average in Q1 – and average payments have been climbing steadily for the past two years.
Unfortunately, many healthcare organizations are vulnerable to malware attacks, including ransomware attacks.
According to a 2020 report from Mimecast and HIMSS Media, 90% of healthcare organizations experienced an email-borne threat last year, and one in four said these threats were very or extremely disruptive.
In fact, the report finds that 72% of organizations experienced downtime as a result of an attack, with productivity (55%), data (34%) and financial (17%) being the three most common types of losses.
The most frequent attacks were those that impersonated trusted vendors or partners (61%) and phishing attacks focused on credential harvesting (57%).
“The popularity of email as a communications channel makes it one of the top attack vectors used to target healthcare organizations.
All the reasons it is effective for legitimate use, makes it a key path for threat actors to use maliciously, often with minimal efforts and a high return on investment,” said Matthew Gardiner, Principal Security Strategist at Mimecast.
Healthcare organizations, however, are fighting back, the report says, with three-quarters having a cyber-resilience plan in place or planning to roll one out.
To shore up their defenses, organizations are making investments in cybersecurity technologies, including firewalls (80%), email security systems (79%) and data backup recovery solutions (78%).
Your Disaster Recovery Plan Checklist
Healthcare organizations should continue to expect increased attacks that exploit the COVID-19 pandemic.
As such, a robust disaster recovery plan needs to be in place to protect against malware that could destroy your business and to ensure you never have to pay a ransomware demand.
There are four essential disaster recovery plan steps you should complete in order to build a robust plan.
- Assign responsibility (for overseeing both primary data storage as well as cloud backup and recovery solutions)
- Seek a data backup & recovery provider that offers HIPAA compliant data storage solutions for businesses and HIPAA compliant disaster recovery
- Document key contacts and information (of all critical vendors, suppliers, partners, clients and employees, as well as hardware, software and licensing information)
- Create a recovery procedure with steps to remedy data interruption
Fortune favors the prepared, and disaster recovery planning is essential for HIPAA-compliant businesses to survive the increasing threat of malware.
Download your free Disaster Recovery Planning Checklist from Central Data Storage today.
Central Data Storage exists to help businesses remain HIPAA-compliant and survive data disasters.
Our HIPAA cloud storage, encrypted file sharing and round-the-clock data storage support are specifically designed for HIPAA covered entities. Call 1-888-907-1227 or email firstname.lastname@example.org to speak to an expert and learn more about our data storage services.