homework multiple choices
Records for
By SUSAN CHAPMAN
Ransomware is a type of malicious software
that infects computers, servers, databases,
and managed service providers, encrypting
data on the infected platform. The individuals behind the nefarious attack request a
price, or ransom, from the organization in
order to release the information. Generally,
they do not provide the data decryption key until the ransom
is paid. According to Verizon’s 2019 Data Breach Investigations
Report, ransomware incidents accounted for more than 70% of
all malware occurrences across the health care industry.
How an Attack Happens
“Often, when a computer or system is infected, a blue screen, or
some other anomaly, will appear with a message about the ransomware,” explains Ryan Patrick, MBA, CISSP, CCSFP, senior
vice president of security products and strategy at Intraprise
Health. “The attackers need to be paid via cryptocurrency to
release the records. Health care is specifically targeted, as the
health care industry, unlike other industries, has been slow to
adapt to the security industry. In 1996, HIPAA went into effect,
but people really didn’t pay attention to cybersecurity until
about 2015 when there was a big breach at Anthem.”
Ransomware attacks can occur many different ways, says
Adam Kujawa, director and chief security analyst at Malwarebytes Labs, but “in general, attackers find the vulnerability that
is more valuable to the victim than to anyone else.”
To Kujawa’s point, because health care data sets are the most
comprehensive of any industry, with information on patients,
families, insurance, and payment options, any security breach
or attack is going to be particularly devastating to victims. Not
only is personal information unmasked and accessible, but
also patients’ lives can hang in the balance while organizations
scramble to address a breach or attack.
18 FOR THE RECORD • APRIL 2020
For instance, in September 2019, Campbell County
Memorial Hospital in Gillette, Wyoming, was the target of a
ransomware attack. “The attack was so devastating that the
hospital was actually turning away patients and sending
them 70 miles away for about eight hours. In a situation like
this, there is the potential for life-or-death consequences
when a patient is experiencing an emergency,” Patrick says.
Ransomware attacks occur in seemingly innocuous
ways. One of the most common ways an attacker can infiltrate a hospital’s computer system is through phishing, the
practice of sending malicious e-mails that look genuine
to an unsuspecting recipient. The recipient clicks on the
attachment, and the ransomware attack begins.
Another related practice is trusted domain spoofing, in
which an employee reads an e-mail that looks as though it
came from a reliable source. If the person enters the site, the
attackers are able to infiltrate the system.
“The primary distribution method we see is through malicious e-mails. They look like they are coming from a legitimate source or they have a legitimate body. People are told to
log into e-mails and are directed to a site that looks exactly
like theirs,” Kujawa says. “The e-mail includes an attachment, such as a Microsoft Word or other Office document
attachment. The document is sometimes simple; the attackers always find some easy way to trick the user to click the
enable button, which then runs the malicious software.”
Ransomware attacks can also occur via social engineering, says Ty Greenhalgh, HCISPP, CEO of Cyber Tygr.
“Attackers stalk people on social media, which is open-source intelligence. There is a lot of information out there
on you through social media sites. An attacker can learn a
great deal about a person in this way, which is called ‘spear
phishing.’ A phishing will seem real based on the personal
information in it. As an example, the victim posted online
that he bought a new car, and then the attacker e-mails him like
it’s coming from the dealer,” he explains.
How should health care organizations react when kidnappers grab the goods?
Stuart Reed, vice president at Nominet, notes that
organizations can also be vulnerable from within. “Potentially,
the attack could be an inside job. Because the most common
way of getting onto a network or computer system is to have
someone innocently download an attachment or click on a link,
using a USB stick, a malicious insider could put malware onto a
computer system, which then starts that process.”
Ransomware’s Evolution
Although ransomware has become more sophisticated in its
delivery, it is actually not much different than when it first
made an appearance in 1989. Patrick explains, “At that time,
an attacker wrote a piece of code that was exactly the same
in functionality as you see today. But, in 1989, things weren’t
as connected. The attacker would mail out code on floppy
disk. The person would receive it, insert it, and open the file. It
wasn’t as effective, but that is how it started. It’s evolved over
time and has accelerated over the last 10 years. It started out
using fear or guilt to pay the ransom. In the mid-2000s, it just
scanned all your files. The message was ‘pay all this money and
we will clean your files.’ Ransomware uses much more sophisticated algorithms today.”
Ransomware evolution also benefits from market competition. “A would-be attacker, assuming they have the right
contacts and accesses to the right hacker forums, could find
criminal vendors to create unique malware for them, another
to distribute that malware, a third to handle hosting of the
malware’s command and control, a fourth to handle money
laundering, etc. The point being that a marketplace exists to
accommodate anyone who wants to be a malware pusher and,
in doing so, creates competition between developers of ‘ransomware as a service’ that often results in more capable ransomware,” Kujawa explains.
One such model relies on affiliates. The attackers create the
malware and then modify it. They provide it to the customers who create ransomware files and distribute them out to the
internet. “In this model, the creators get a percentage of ransom
payments, and the affiliates do as well. This is how sophisticated
it has become,” Kujawa says. “Attacks are sometimes to set people
up in the right place and then to knock people over like dominoes.
The ones who are actually able to do this are the most damaging.”
Greenhalgh elaborates, “If you access the dark web, you can
easily find ransomware-as-a-service business models. ‘I’m going
to give this much money to you and give you these addresses;
here are my targets.’ I load them into the system, create my own
ransomware notice, and the software does the rest. The host
takes their cut from the ransom and deposits the remainder
into your bank account. Ransomware has been embraced by
organized crime and has gotten very sophisticated because it’s
extremely lucrative and growing.”
Action Steps in the Event of an Attack
To help prevent a ransomware attack, Reed offers, “Don’t open
attachments or click on links if they are not from legitimate
sources. Organizations should also make sure they are monitoring their network activity, making sure they are able to ID malware or phishing, and have the right technology and procedures
to monitor for those things on the network.”
Should an attack take place, experts recommend having up-to-date backup data. “Keeping backups is crucial,” Reed says. “By
having multiple backups, in some cases kept off-premise, you’ll
be able to restore business operations as quickly as possible. Also,
prepare. Have an incident response plan. If anything does happen, everyone knows the role to play to mitigate the impacts.”
Patrick concurs, “Prior to falling victim, they should have
back-up systems in place, which is something that has always
been a problem in health care. Another preventive measure is to
restrict administrative privileges for standard users. Phishing
can be effective if a person has admin privileges, but a standard
user would be blocked.”
Reactively, in general, an organization should disconnect the
infected system from the rest of the network. “Removing the
ability for things to crawl through the network can contain it,”
Patrick says.
“But don’t turn your computer and/or server off. There is valuable forensic information in the RAM that will go away if you do,”
Greenhalgh cautions.
“After that, go through your disaster response/recovery,”
Patrick says. “If a hospital’s main EHR is affected, this is a
pretty big deal. Part of the proactivity is the disaster recovery
plan. ‘What is our fallback plan? Can we admit patients? Can
we provide care? Do we need to revert to paper if the system
fails?’ The disaster recovery plan is what that organization
should turn to. It depends on what, where, and the criticality of
what was infected.”
Greenhalgh also believes disaster recovery is key. “You need
an incident response plan. OCR [Office for Civil Rights] is looking for these concentrated and coordinated contingency plans.
It’s up to organizations to practice their plans,” he says. “The
Ponemon Institute’s 2018 ‘Cost of a Data Breach’ study listed
the cost of a data breach for health care as the highest in all
industries: $408 per record. How do we reduce the pain associated with a breach? You can do different things to increase or
decrease the cost. According to the Ponemon report, the No.
1 thing you can do to reduce it is to have an incident response
plan. You will minimize the malware’s impact and recover
faster if you become coordinated in your response.”
Some of the most important components of a disaster recovery
plan are the team and communications. “You may need back-up
communications,” Greenhalgh explains. “E-mail or VOIP might
not be there if your network is on hard lockdown. The plan should
lay out everything that you should do.”
Kujawa adds, “The bad guys don’t rely on lack of security to
break in. They rely on lack of knowledge. Know that, first of all,
the attackers will find a way in, regardless. Prepare your organization to be attacked.”
He cites the importance of identifying the most valuable data
on the network—the data that will be needed to pay the ransom—then establishing additional internal security procedures
to protect those specific data. “You can have specialized access
lists for certain data or utilize additional encryption. It really
depends on the operational requirements for that data and what
the organization can deploy,” Kujawa says.
Organizations should encourage employees to report suspicious activity. “For instance, if we ever get an e-mail that looks
weird, our employees can send it to an e-mail address for phishing within the organization to have it checked out. That is the
middle point, a compromise,” Kujawa notes.
To Pay or Not to Pay
The industry is conflicted over whether or not to pay the ransom when an organization is attacked. “Some people believe you
should pay the ransom,” Kujawa says. “Get things back on track
and reduce the risk and downtime. In an incident in Baltimore,
the organization waited to decide, and the ransom went up. If
you’re a manufacturing plant and your systems go down, you are
completely out of business until you come back up. But in a hospital, people can die.”
Greenhalgh explains the industry’s ambivalence. “It’s in
debate. It’s a decision that each entity needs to make for itself.
How long and how much money is it going to take to restore
ourselves if we don’t pay the ransom? Can the organization
wait that long? What if it takes a month? Can you wait that
long? Can your business sustain that? Then, if you do pay,
you’ve just told the hacker community that you’ll pay. Ransomware payments are getting bigger, probably because people are
paying them. If a hospital pays $700,000, will the next one pay a
million?” he says.
“The FBI would tell you, don’t pay the ransom, as would
other security professionals. Don’t provide funding for future
attacks,” Patrick says. “However, there is a town in southern Florida that paid because their entire environment was
infected, and there was nothing they could do. It depends on
the risk tolerance of the organization. You can sometimes pay
and not receive the encryption key. It’s situation specific. But,
when possible, don’t pay.”
Reed, too, advises organizations not to pay the ransom. “I
would always say to not pay. You are not dealing with a legitimate organization. This is extortion. You should never pay or
encourage this type of cyberactivity,” he says. “Also, if you
do pay the ransom, you open yourself up to future attacks
because you are a known target that will pay up. And there is
no guarantee that you will get your files back or that they will
be restored properly if you pay the ransom.”
Greenhalgh says the cyber-insurance industry oftentimes
recommends that organizations pay the ransom. “There may
be other mitigating factors that inform their decision—like a
greater financial impact resulting from loss of business and
damage to the hospital’s good name, and they don’t want it to
go under,” he says.
Unforeseen Lasting Effects
Patrick believes one of the most important lasting effects of a
ransomware attack is external stakeholder trust. “Do people
feel confident in this organization’s ability to protect data and
provide care? There could be confidence issues within the local
community as well,” he says.
More tangibly, though, are damages to an organization’s
systems. “Keep an eye on things from a malware perspective
that could later launch another ransomware attack,” Kujawa
says. “Not all attacks are ransomware. There is information
stealing, credential stealing. They hide in the background.
Ransomware is the most obvious, but most malware doesn’t
want you to know it’s there. So, lasting effects are often
hidden malware.”
Greenhalgh agrees. “Do you really know if your system
is clean now? Because in health care, there is a mean time
to containment and then a mean time to extraction—how
long does it take us to find the malware, and how long
does it take us to get rid of it? You may not understand what
additional malware they have loaded and have no idea how
long they have been in your system. They may have loaded
Trojan horses or malware, and you’ve been backing this up for
a long time,” he says.
A ransomware attack will breach two of the three components that help shape an organization’s data security policies.
Known as the CIA triad, the three components, or pillars, are
confidentiality, integrity, and availability. “Unauthorized access
will compromise the confidentiality of protected data. Ransomware will restrict the availability of the systems to provide
patient care. What if attackers start altering your data and they
don’t tell you when or where they did it? Untraceably altering
the integrity of the data is the next fear in the evolution of ransomware,” Greenhalgh says.
Reed offers guidance for any organization that falls victim
to a ransomware attack. “You don’t know who these cybercriminals are; you don’t have any right of redress if you don’t
know whom to pursue, if you decide to pay but don’t get your
files back,” Reed explains. “That is why it is fundamentally
important to keep a backup of those critical files in a separate
location to recover from a ransom attack. Also, as a preventive measure, have good procedures and well-defined roles [in
place], and the right level of supporting technology to provide
early warning of these attacks.”
Kujawa adds, “Learn from mistakes; become more resilient,
more agile. Attackers will evolve. Health care organizations must
evolve as well.”
Susan Chapman is a freelance writer based in Los Angeles.
Copyright of For the Record (Great Valley Publishing Company, Inc.) is the property of Great
Valley Publishing Company, Inc. and its content may not be copied or emailed to multiple
sites or posted to a listserv without the copyright holder’s express written permission.
However, users may print, download, or email articles for individual use.
Question 1 (2 points)
The type of malware that infects computers, servers, databases, and managed service providers, encrypting
data on the infected platform is called
Choose at least one correct answer
1. Encryption software
2. Ransomware
3. Anti-virus
4. Trojan horse
Question 2 (2 points)
According to Verizon’s 2019 Data Breach Investigations Report, ransomware incidents accounted for more
than what percentage of all malware occurrences across the health care industry?
Choose at least one correct answer
1. 50%
2. 60%
3. 70%
4. 80%
Question 3 (2 points)
In addition to the comprehensive range of information affected and exposed, why are security breaches in the
healthcare industry so devastating?
Choose at least one correct answer
1. Because healthcare has historically been slow to adapt to modern security practices
2. Because patients’ lives literally hang in the balance
3. Personal information is frequently unmasked and available
4. All of these are reasons
Question 4 (2 points)
How is ransomware most commonly distributed?
Choose at least one correct answer
1. Malicious e-mails
2. Floppy disks
3. Phone calls
4. All of these
Question 5 (2 points)
What is the impact of market competition on “Ransomware as a Service?”
Choose at least one correct answer
1. It is easier and cheaper for potential attackers to find programmers to write increasingly capable ransomware.
2. Organizations can choose from a large selection of potential attackers on their records.
3. It is easier than ever for organizations that are attacked to undo the damage.
4. The authorities can more readily investigate attacks because they have past history with programmers in the
marketplace.
Question 6 (2 points)
What step(s) should organizations take to prevent Ransomware attacks?
Choose at least one correct answer
1. Don’t open attachments or click on links if they are not from legitimate sources.
2. Monitor their network activity in order to identify malware or phishing.
3. Have the right technology and procedures to monitor for malware or phishing on the network
4. All of these
Question 7 (2 points)
What is the best way to recover from a ransomware attack?
Choose at least one correct answer
1. Have multiple employees with administrative privileges in different parts of the company.
2. Keep an expensive data recovery service on retainer.
3. Invite frequent ransomware attacks to perfect your response.
4. Have multiple up-to-date backups, some of which are kept off-premises.
Question 8 (2 points)
In the event of a ransomware attack on your company’s data, you should do all of the following EXCEPT
Choose at least one correct answer
1. Remove the infected computer or server from the network
2. Initiate your organization’s disaster recovery plan
3. Turn off the infected computer or server
4. Coordinate your organization’s response based on your incident response plan
Question 9 (2 points)
According to the Ponemon Institute’s 2018 ‘Cost of a Data Breach’ study, which industry has the highest cost?
Choose at least one correct answer
1. Healthcare
2. Legal
3. Manufacturing
4. Financial Services
Question 10 (2 points)
The FBI and other security professionals would tell you to not pay the ransom for all of these reasons
EXCEPT
Choose at least one correct answer
1. By paying you are providing funding for future attacks
2. By paying you are completing a voluntary transaction and limiting the liability of the attackers
3. By paying you are inviting future attacks by telling the hacker community that you’ll pay
4. You can sometimes pay and still not receive the encryption key