Rising Cybercrime May Be Impacting Your CyberRisk Insurance Coverage

Learn How to Prevent Costly Ransomware Attacks in Your Practice

Cybercrime is on the rise and the insurance industry is taking a close look to make sure its policyholders have the basic security controls to prevent losses.

Ransomware is a type of malware that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.

Risk Management Lessons from Litigated Cases
Get Medicine on Trial, a free publication of more than 80 litigated cases summarized by CAP's General Counsel Gordon Ownby.

Unfortunately, when it comes to ransomware, once your files are encrypted, there’s not much you can do — besides cut your losses or pay up. And even if you do pay up, there’s a chance you won’t get your files back.

Medical practices continue to be increasingly vulnerable targets. Cyber criminals recognize the value of confidential and protected patient data and are now doubling and even tripling their efforts to take advantage of medical practices and healthcare organizations.

Did you Know: Ransom Demands Increased 40 times from 2016 to 2019?

Real-Life Scenario

Your employee receives an email seemingly from Microsoft, warning them that their account may have been compromised, and to login to verify that they are the owner of the account. The user inputs their login and password, and the credentials are stolen by a hacker using this rudimentary but highly successful phishing technique. The criminal notices that your employee’s computer has the Remote Desktop Protocol (RDP) enabled, and logs into the employee’s computer while they work from home, using the stolen credentials. The hacker uses the hijacked computer to find the backup server on the company’s network, and deploys ransomware to encrypt the company’s backups, before launching a wide-ranging attack on the rest of the company’s computers and servers. This attack costs the company over $10,000,000 between the seven-figure ransom payment, related expenses, and business interruption losses.

Protect your practice against scenarios like this and make sure that you implement these five preventative steps:

Five Steps to Preventing Ransomware Attacks

1. Lockdown Remote Desktop Protocol Across Your Entire Organization

More than 60 percent of ransomware attacks originate from hackers gaining unauthorized access to a computer via Remote Desktop Protocol (RDP). Using compromised credentials, a hacker can login to a computer within your company’s network using RDP, move within the network undetected, and launch a crippling ransomware attack on your organization. Login credentials are highly vulnerable to theft from social engineering techniques and assorted malware variants, so they cannot be solely relied upon to protect your organization. Compromised RDP credentials are available for sale on the dark web for as little as $3.

The easiest way to avoid having criminals get access to your network via this method is to simply disable this feature on all machines/servers on your network. If you absolutely need to use RDP, we recommend placing RDP access behind a VPN that is protected by multi-factor authentication, which adds an important additional layer of security. Alternatively, a Remote Desktop Gateway Server can be utilized, which can also be protected with multi-factor authentication.

2. Two-Factor Authentication (2FA)

You should implement this simple and cost-effective security measure. 2FA protects your organization because it adds another layer of protection to password-protected remote access to your network. 2FA is also convenient to implement because it is often used on your mobile phone. Most successful hacking/ransomware attacks are a result of the hacker gaining access to a company’s network using compromised login credentials. In other words, even if the hacker has stolen an employee’s login credentials, dual-factor authentication should prevent them from accessing your network, since they would also need to have the employee’s mobile phone. 2FA should also be used on all remote access to your email servers (Office 365 and GSuite have free solutions). Hackers use compromised email accounts to launch ransomware or social engineering attacks against your contacts.

3. Offline Segregated Backups

Backups can be another effective strategy to reduce ransomware damages and business disruption. If you get infected with a ransomware virus, you may not need to pay the ransom to get back up and running if you have an intact backup. You will be able to wipe out the virus, clean your devices and network, and reinstall everything from a recent, clean backup.

Recently, hackers have been effectively attacking backups that are not properly protected. All backup solutions that are connected and mapped on your network are highly vulnerable to malware and hackers. Having a properly segregated backup is an effective technique to reduce this risk.

Consider the cloud. For small- and medium-sized companies, Veeam, Datto, Backblaze, and iDrive are popular cloud solutions for backups. Just because you are using the cloud does not mean the cloud backups are properly isolated or segregated. Be sure to properly configure any cloud backups to ensure they are isolated from your operating environment.

Create internal procedures for maintaining on-site and onsite backups of your critical systems and data. Best practices include periodically testing your backups by restoring your systems from backup to ensure they work when needed.

4. Spam Filtering and Email Configuration

Your email server can automatically filter out suspicious emails. Activating these filters is an easy way to prevent dangerous phishing emails from landing in your employees’ mailboxes. Use email filtering to quarantine suspicious emails and scan documents and files before they are opened.

Because criminals are using a compromised account concurrently with the actual user, they must hide their activity. Check your email for suspicious email forwarding and mailbox rules. These rules are a signature that reliably detect whether criminals have infiltrated your email.

5. Next Generation Antivirus: Behavior-Based Protection

Behavior-based security software scans devices for unusual behavior and can decide if the deviation is a threat. These solutions are typically connected to the cloud, so their ability to detect new malware variants is updated in real time. This is sometimes known as Next Generation Antivirus (NGAV).

Antivirus software on user devices, networks, and servers is used to find or block suspicious activity. Traditional antivirus relies on a vast database of virus signatures to help the software identify malicious applications on your computers. Modern malware can easily be modified to not match existing signatures. Popular NGAV end point protection tools include Microsoft Defender Advanced Threat Protection, BitDefender Gravity Elite, CarbonBlack, and CrowdStrike’s Falcon/Protect. Behavior-based endpoint protection is an efficient way to protect against new threats and prevents ransomware from spreading throughout your network.

As a reminder, CAP members are offered complimentary access to TMHCC CyberNET®, an advanced cyber risk management training solution addressing the latest trends in data breaches and cybercrime.

To access the trainings, visit https://CAP.nascybernet.com. (First-time users will need to sign up for a free account with your CAP member number as your “Sign Up Code.” Once you have registered, you will be able to create username(s) and password(s) for your employee(s).)

For more information, please contact CAP Agency at 800-819-0061 or email CAPAgency@CAPphysicians.com. The licensed professionals with CAP Agency can also help you learn about your own personal cyber risk and about affordable coverage options and services available through Tokio Marine HCC.