Elk River Health Care Provider Pays Ransomware. Are You Next?


Last August I wrote about what Ransomware is, shared statistics to highlight the urgency for health care providers and small businesses to take action to protect themselves, and offered our Managed IT Service Agreement as a solution to prevent a Ransomware attack.  Recently, a local business in the health care industry was hacked by ransomware and was severely impacted.  It is my sincere hope to get this message out to help prevent others from being next.

What is Ransomware?

“Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid” (Trend Micro, https://www.trendmicro.com/vinfo/us/security/definition/ransomware).  The main delivery mechanism for Ransomware is spam email.  The spam email most often looks “legit” to the viewer.  In some cases, all you need to do is open it and the malware is released into your system.  About 40 percent of all spam emails in 2016 contained ransomware, according to a recent IBM Security study (Stephanie Condon, Between the Lines, Ransomware: Should you pay up?, February 13, 2017, https://www.zdnet.com/article/ransomware-should-you-pay-up).

Why Ransomware Came to Elk River?

As John P. Mello Jr. explains, it is increasing because a new form of ransomware has been developed that is in effect ‘Ransomware as a Service’ (RaaS), like Software as a Service or SaaS.  A would-be Ransomware criminal used to pay $2,000 to rent or $5,000 to buy the software.  Starting last November, a would-be hacker doesn’t need any skin in the game, but can get it for free from the developer as long as they share “40 to 50 percent of each ransomware payment made.” (John P. Mello Jr., Crime Pays: Ransomware Bosses Make $90K Annually, June 14, 2016, https://www.technewsworld.com/story/83603.html). Simply put, because Ransomware is easy to get, more criminal types are retiring from their old “gigs” and jumping into a Ransomware career. Before I provide a solution to help prevent you from becoming the next Elk River victim, ponder these facts:

  • According to an IBM Security study, Ransomware increased 6,000 percent between 2015 & 2016.
  • Nearly 70 percent of business victims surveyed by IBM said they paid hackers to recover data.
  • 50 percent of Ransomware victims paid more than $10,000 and 20 percent paid more than $40,000. (Stephanie Condon, Between the Lines, Ransomware: Should you pay up?, February 13, 2017, https://www.zdnet.com/article/ransomware-should-you-pay-up).

Solution: Ransomware Prevention Starts with Backing Up!

Every business or organization should be thinking about best practices and practicing resilience.  (Stephanie Condon, Between the Lines, Ransomware: Should you pay up?, February 13, 2017, https://www.zdnet.com/article/ransomware-should-you-pay-up). The best “best practice” is to back everything up on your computers and network system.  Further, the U.S. Health and Human Services Department’s Office for Civil Rights, which enforces compliance with the Health Insurance Portability and Accountability Act, better known as “HIPAA,” has released new guidance on ransomware for healthcare organizations, which is equally applicable to nearly any business entity or organization.  The recommendations are:

  • Conduct a risk analysis to identify threats and vulnerabilities to electronically protected health information, and establish a plan to mitigate or remediate those identified risks;
  • Implement procedures to safeguard against malicious software;
  • Train authorized users on detecting malicious software and report such detections;
  • Limit access to ePHI to only those persons or software programs requiring access; and
  • (BACK UP) Maintain an overall contingency plan that includes disaster recovery, emergency operations, frequent data backups and testing of restorations. (John P. Mello Jr., Freelance Writer, Civil Rights Office Issues Ransomware Guidance, July 22nd, 2016, https://www.technewsworld.com/story/83730.html)

RB’s Managed IT Service Agreements Include Backups & Much More.

I have mentioned this a number of times in my blog posts, plus on social media: for the price one pays for lunch each day of the month, one could partner with RB’s Computer Service to reduce the impact of a Ransomware threat and other equally malicious threats with a Managed IT Service Agreement.  Having RB’s Computer Service put protection measures in place provides recovery solutions, reducing the likelihood of having to pay the ransom.  Antivirus and anti-malware protection is included in our standard packages.  We have several different backup solutions you can choose from to supplement the agreement.  To learn more about our different packages, visit our June blog post: https://rbsmn.com/blog/page/9/. We understand most small businesses and large health care organizations have unique needs and budgets.  We are accustomed to helping businesses and organizations of all sizes determine where their risks are and offer a security plan that makes sense to everyone. To determine your needs, package and pricing options, schedule a consultation with me today via phone or email: 763-441-3884, randy@rbsmn.com.  RB’s Computer Service sells the Intel Compute Stick as well as the best laptop computers, best desktop computers, business computers, computer parts, and computer monitors.  We also provide managed IT services, computer repair, iPhone and smartphone repair to customers and clients throughout central Minnesota and St. Cloud.