Skip to main content
Procopio Logo

Ransomware Attacks Are On The Rise: Are you Prepared?

Ransomware Attacks Are On The Rise: Are you Prepared?

Ransomware Attacks Are On The Rise: Are you Prepared?

Cybercriminals are threatening data-extortion plots against the U.S. healthcare system, the FBI and two other federal agencies warned on October 28th. The plots are ransomware cyberattacks designed to lock up hospital information systems, which could lead to data theft and cause significant disruption of patient services as COVID-19 case numbers continue to surge.

At least five American hospitals have been impacted by the cyberattacks this week, and security experts warn that hundreds more may be affected. Experts say that the magnitude of this latest wave of cyber threats is unparalleled, and the cybercriminal group responsible appears to be a Russian-speaking criminal gang.

This latest wave of cyber threats against the U.S. healthcare system is part of a growing trend. A ransomware attack in September slowed all 250 facilities of the Universal Health Services hospital chain. Universal’s doctors and nurses were forced to revert to antiquated recordkeeping methods—the old paper and pencil—while lab work slowed and patient monitoring equipment faltered. So far in 2020, at least 59 U.S. healthcare providers/systems have been affected by ransomware, interfering with patient care at 500+ facilities.

If you find yourself a victim of a ransomware plot, whether in healthcare or not, here are some guidelines to help weather the attack:

  1. Engage your in-house and outside counsel.
  2. Decide, with your counsel, whether to inform the FBI.
  3. Engage your crisis management team.
  4. Begin execution of your data incident response plan.
  5. Notify your insurance broker and/or cyber-insurance carrier.
  6. Investigate the incident.
  7. Stop any additional loss and prevent further exposures.
  8. Assess the fallout.
  9. Learn from the incident and improve your response plan and system security.

Even before you become a victim to ransomware, there are measures to take that will mitigate the possibility of being infiltrated. Besides working with outside counsel to plan and prepare for the steps above, you should consider doing the following:

  1. Educate your workforce, e.g., utilization of strong passwords, think before you click, locking devices, avoiding public WiFi.
  2. Restrict access to data as much as possible.
  3. Encrypt data.
  4. Conduct regular security risk assessments.
  5. Backup to a secure, offsite location.
  6. Evaluate the cybersecurity posture of your vendors.

Please feel free to speak with your contact or anyone at Procopio if you would like assistance with implementing the recommended measures, improving your existing plans, or if you have been subject to a ransomware attack.


Elaine F. Harwell

Partner and Privacy Officer

Elaine focuses on representing clients in privacy and data security matters, including litigating claims involving privacy issues, helping clients manage emerging risks and conduct privacy risk assessments, and advising on regulatory and compliance issues. She been involved in numerous trials as well as arbitration proceedings related to contract and general business disputes, trade secret matters, complex unfair competition and business practice claims, and professional liability. Elaine has earned the ANSI-accredited Certified Information Privacy Professional/United States (CIPP/US) and the Certified Information Privacy Manager (CIPM) credentials through the International Association of Privacy Professionals (IAPP), and is the leader of Procopio’s Privacy and Cybersecurity practice and the firm’s Privacy Officer.

Elaine focuses on representing clients in privacy and data security matters, including litigating claims involving privacy issues, helping clients manage emerging risks and conduct privacy risk assessments, and advising on regulatory and compliance issues. She been involved in numerous trials as well as arbitration proceedings related to contract and general business disputes, trade secret matters, complex unfair competition and business practice claims, and professional liability. Elaine has earned the ANSI-accredited Certified Information Privacy Professional/United States (CIPP/US) and the Certified Information Privacy Manager (CIPM) credentials through the International Association of Privacy Professionals (IAPP), and is the leader of Procopio’s Privacy and Cybersecurity practice and the firm’s Privacy Officer.

Stay up-to-date with the Procopio newsletter.

Sign Up Now

MEDIA CONTACT

Patrick Ross, Senior Manager of Marketing & Communications
EmailP: 619.906.5740

EVENTS CONTACT

Suzie Jayyusi, Events Planner
EmailP: 619.525.3818