The aftermath of a ransomware attack on Change Healthcare, a company responsible for handling 15 billion healthcare transactions per year and storing 1 in 3 patient records in the US, is still causing significant disruptions even after almost three weeks.

The cyberattack caused a system shutdown for processing claims, billing, and verifying patients’ eligibility for care. This resulted in delayed prescriptions, discharges for hospital patients, and issuing of paychecks for medical staff being affected.

On February 21, an event occurred that has been referred to as the most impactful cyberattack on the American health care system by the American Hospital Association.

This is simply the most recent instance of a growing pattern.

According to Meredith Griffanti, the head of cybersecurity and data privacy communications at FTI Consulting, we have assisted small hospital systems with only a few dozen beds in situations where they may have to pay in order to avoid redirecting essential services, such as ambulance transportation, to a distant rural area 100 miles away.

Criminal hackers use ransomware attacks to lock victims’ computer systems and demand a significant amount of money in exchange for unlocking the encrypted data. This is done to prevent the data from being released or sold on the dark web, which is not accessible through regular internet browsers.

According to a January report from cybersecurity firm Emsisoft, 46 hospital systems including a combined total of 141 hospitals in the US were impacted by ransomware attacks in 2023. In at least 32 of these systems, sensitive health data was compromised.

A ransomware attack occurred at Ardent Health Services in November 2023, impacting 30 hospitals and resulting in the cancelation of patient procedures. Emergency room patients in three states had to be redirected to alternative hospitals.

Other effects may include restricted access to medical records, preventing doctors from viewing patient allergies and current medications. This may also lead to delays in obtaining necessary testing and scanning services.

According to specialists from the University of Minnesota School of Public Health, approximately 42 to 67 Medicare beneficiaries lost their lives due to ransomware attacks from 2016 to 2021.

Compromised information

“In 2023, FTI Consulting’s Griffanti noted that the actions of threat actors and their aggressive tactics in extortion became truly astounding.”

The individual stated that they witnessed a range of things, from receiving death threats to receiving flowers at CEOs’ residences. Additionally, they observed photos of executives and their family members being posted on shady online platforms.

The total number of attacks each year is greater than reported, as numerous incidents occur within the private sector, and various organizations are indirectly affected by the compromised computer systems of their service providers.

“We are witnessing a troubling trend where ransomware attackers are becoming more audacious. They are now targeting vulnerable sectors such as healthcare and public health, aiming to disrupt our daily lives,” explained Gabriel Davis, head of Risk Intelligence and Operations at the Cybersecurity and Infrastructure Security Agency (CISA).

Schools are at risk of being targeted by ransomware due to insufficient resources for proper protection. They are appealing targets for criminals due to the abundance of sensitive data they hold. According to Emsisoft, at least 1,899 K-12 schools in the U.S. experienced attacks in 2023.

During the attack on Minneapolis Public Schools, there was not only a disruption in learning, but also a theft of approximately 200,000 documents which were subsequently uploaded online. These documents included sensitive information such as reports of sexual abuse of students, allegations of misconduct by teachers, psychological profiles of students, and Social Security numbers.

“Having more wealth correlates to having more issues”

According to Reuters, UnitedHealth Group, the parent company of Change Healthcare, made a payment of $22 million to hackers in an attempt to regain access to encrypted data and systems. Both parties, however, have refused to provide further information or comments on the matter.

There has been a significant increase in payments to ransomware gangs over the past five years.

In 2023, Emsisoft reported that the median amount paid in ransom was approximately $1.5 million, a significant increase from 2018’s average of $5,000. The suggested solution, as stated by Emsisoft, is to completely prohibit these payments.

There is a lack of agreement among professionals and governing bodies about prohibiting.

According to VOA, Brett Callow, an analyst for Emsisoft, stated that a full prohibition is achievable: Many believe that such a ban would drive ransomware activity even further underground. However, the truth is that it is already deeply embedded, with only 20% of organizations reporting incidents. While a ban may initially create challenges for victims, wouldn’t it be better to prevent long-term issues caused by ransomware for everyone?

Ivan Markovic, a cybersecurity specialist, advised VOA against paying ransomware. He believes that if a malicious party has gained access to your system, it is safest to assume that all information has been compromised.

Markovic suggested that, although implementing some laws and implementing a complete ban may have benefits, there are certain exceptional circumstances that should be openly discussed and examined by professionals. This is especially crucial in urgent situations where immediate action is needed to safeguard human lives.

CISA’s main emphasis is on thwarting attacks and aiding organizations in their restoration efforts.

Davis explained to VOA that it is impossible to completely prevent anything from happening. However, in the event of occurrences, it is crucial to limit and combine the harm and consequences. By consistently and continuously accomplishing this goal, along with decreasing the exposure of at-risk devices and organizations, there will be a significant decline in these attacks over time.

Source: voanews.com