Recently, HBO suffered a massive data breach. The hackers stole unreleased episodes of Game of Thrones and have been leaking them before they are broadcast. Episodes of other shows were also stolen. The hackers grabbed 1.5 terabytes of data including sensitive internal documents.
As the FBI warned, ransomware has proven to be a formidable threat costing businesses over $1 billion in 2016, averaging 4,000 attacks per day. Ransomware forces victims to choose between losing access to their files or paying a fee that can range between hundreds and thousands of dollars. Ransomware has already made headlines in the first quarter of 2017.
I have good news and bad news about ransomware. First, the good news — here’s a cartoon I created. I hope you enjoy it, because that’s the only good news i have. Now, for the bad news . . .
The Bad News: Be Afraid, Very Afraid
Everyone seems to be afraid of ransomware these days, but is the fear justified? Is ransomware more about hype than harm? Unfortunately, a recent study of international companies conducted by Malwarebytes provides some startling statistics to back up the fears. According to the study, 40% of companies worldwide and more than 50% of the US companies surveyed experienced a ransomware incident in the last year.
The stakes are very high — 3.5% of companies surveyed even indicated that lives were also at stake which was exemplified by a recent attack in Marin, California where doctors lost access to patient records for over 10 days.
As ransomware escalates and poses serious security risks for healthcare institutions, many privacy experts and legislators have called for more specific guidance from the U.S. Department of Health and Human Services (HHS).
A few weeks ago, HHS responded to these calls with a detailed fact sheet to explain ransomware and provide advice. Although most of the document outlines what should be obvious for an organization that already has a solid data security plan (including reliable back-ups, workforce training, and contingency plans), the major headline is HHS’s verdict on whether or not a ransomware attack qualifies as a data breach under HIPAA.
Security experts are sounding the alarm bell as ransomware attacks continue to increase rapidly since my last post on the subject.