Cyber extortion has become a serious problem for businesses in recent years. As a practice owner, it’s no longer something you can afford to ignore. Like other health care providers, doctors of optometry have a responsibility to protect business records, including the personal information of patients. Ransomware attacks directly target these records, leading to all sorts of financial and legal ramifications.
As attacks and costs soar and the legal landscape becomes even more complex, it’s important to be prepared so you can prevent attacks, minimize risk and help ensure your premiums for cyber liability coverage remain low.
Increasing Ransomware Attacks
Cyber extortion attacks have been creeping up for years. Hackers will infect a computer system with ransomware through an email, website or security vulnerability, locking up data and holding it for ransom.
If you become a victim of an attack, you will either have to pay the ransom or restore your business data from secure backups that managed to escape the attack. Ransomware attacks used to be limited to small-time criminals extorting businesses for a few hundred dollars at a time. It was disruptive for businesses, but not an insurmountable problem.
However, a lot changed in 2020. The pandemic created a perfect storm, where millions of employees moved to remote work and businesses sought guidance on proper procedures for health and safety. Ransomware attacks increased exponentially, up as much as 700% since March 2020.
Many of these attackers used the pandemic to their advantage, spreading ransomware through email attachments made to look like COVID-19 guidance from government and health authorities.
The nature of these ransomware attacks also became more sophisticated. Rather than amateur hackers, many attacks appear to involve complex crime networks and state-level actors. In some recent high-profile cases, a copy of some of the victim’s data was posted online to incentivize payment of the ransom. Recent attacks have also specifically singled out the computer systems of government, financial, legal and health care organizations.
Increasing Ransomware Costs
As the number and complexity of ransomware attacks increase, so do the costs. The first cost of a ransomware attack has always been the demand for the ransom itself. Demands vary, with hackers basing their price on what they have stolen. A single PC’s files may still command a ransom of only a few hundred dollars, while a large organization’s business records can easily face a demand for millions.
Paying ransoms of any amount has long been discouraged by law enforcement, since there is no guarantee that hackers will honor their word and return the victim’s stolen data. But in October 2020, paying a ransom to a hacker also entered a legal grey area, with the U.S. Department of the Treasury Office of Foreign Assets Control and the Financial Crimes Enforcement Network advising that payment facilitators could face legal liability if the hack comes from a sanctioned entity. This leaves practice owners facing an attack in a more difficult position. Even if you wanted to and were able to pay the ransom demanded, it may be impossible to do so legally.
Ransomware costs also extend beyond the payment of the ransom itself, including:
- Hiring experts for forensic analysis and data recovery
- Income lost due to business interruption
- Legal costs related to patient complaints and regulatory actions
Another hidden cost of ransomware attacks is the cost of insurance to protect businesses against such cyber criminals. With the cost of attacks often falling to insurers, increasing attack frequency, ransom demands and incident complexity can put upward pressure on premiums, impacting large numbers of businesses if the trend continues.
Managing the Risks of Ransomware
Managing the risks of ransomware is essential for protecting the optometry practice you’ve worked so hard to build. Since costs can often get out of hand once an attack has occurred, a business owner’s best option is to prevent ransomware attacks in the first place.
Every organization is different, but there are several steps any practice can take to reduce its risk.
- Implement a cyber plan at your practice. This plan can help improve your practice’s response should you experience a cyber attack.
- Perform regular backups of important data. Make sure backups are reliable, testing them regularly to ensure you can restore your systems quickly if needed.
- Train and educate employees on ransomware. Encourage employees to stay vigilant and report any phishing emails or other suspicious activity to IT promptly.
- Implement recommended technical controls. Endpoint protection, network segmentation, vulnerability management and intrusion detection are all recommended.
- Safeguard login credentials with multifactor authentication. Take advantage of protections that can prevent a hacker from accessing your systems.
- Choose broad cyber insurance coverage. Work with an insurance carrier that covers ransomware attacks and offers resources to help keep your business safe.
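The backup recommendation above only pays off if a restore is actually tested. The script below is an added example, not code from the original article or from any insurance carrier: it records a SHA-256 manifest of a backup set and then checks a restored copy against it, reporting files that are missing, altered (for instance, overwritten with unreadable bytes) or present in the restore but absent from the manifest. The directory names, file contents and the "damaged restore" scenario are all constructed for the demonstration.

```python
"""Restore test for a backup set: build a hash manifest, then verify a restored copy.

Added example. Paths and sample records are constructed; nothing here touches a real system.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup archives do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest.

    Store the result somewhere the backup itself cannot overwrite, e.g. offline media,
    so that an attacker who reaches the backup cannot also rewrite the manifest.
    """
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def verify_restore(root: Path, manifest: dict) -> dict:
    """Compare a restored tree against the manifest.

    Returns lists of relative paths that are intact, missing, modified, or unexpected
    (present in the restore but never recorded in the manifest).
    """
    result = {"ok": [], "missing": [], "modified": [], "unexpected": []}
    for rel, expected in manifest.items():
        path = root / rel
        if not path.is_file():
            result["missing"].append(rel)
        elif sha256_file(path) != expected:
            result["modified"].append(rel)
        else:
            result["ok"].append(rel)
    for path in root.rglob("*"):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            if rel not in manifest:
                result["unexpected"].append(rel)
    return result


def demo_restore_test() -> dict:
    """Run the check on a constructed backup set, once clean and once after simulated damage."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "practice_data"          # constructed stand-in for practice data
        (live / "records").mkdir(parents=True)
        (live / "records" / "patient_0001.txt").write_text("constructed sample record\n")
        (live / "schedule.csv").write_text("date,patient\n2021-01-04,0001\n")
        manifest = build_manifest(live)

        restore = Path(tmp) / "restored"
        shutil.copytree(live, restore)
        clean = verify_restore(restore, manifest)   # a good restore: everything "ok"

        # Simulate what a damaged restore looks like: one file overwritten with unreadable
        # bytes, one file gone, and one stray file that was never part of the backup.
        (restore / "schedule.csv").write_bytes(b"\x00\x01constructed-garbage")
        (restore / "records" / "patient_0001.txt").unlink()
        (restore / "README_RESTORE.txt").write_text("constructed stray file\n")
        damaged = verify_restore(restore, manifest)
    return {"clean": clean, "damaged": damaged}


if __name__ == "__main__":
    for label, outcome in demo_restore_test().items():
        print(label, outcome)
```

Run it on a schedule (after each backup job) and treat any non-empty "missing" or "modified" list as a failed restore test that needs attention before the backup is relied on.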
The problem of ransomware and cyber extortion is more complex than ever. Practice owners need to be aware of the increase in attacks and their costs and take steps to minimize risks. For more information on how you can protect your optometric practice, contact your insurance representative.