The Deep.Dot.Web reported a new attack on three US healthcare orgs in the southeast and midwest that has 655,000 identities at risk. We saw what happened at Medstar when care providers had to rely on paper records: things slow down and care could suffer. Hospitals are on notice of the risks from not properly protecting patient data, but that doesn't mean that they are prepared. See full story here: https://www.deepdotweb.com/2016/06/26/655000-healthcare-records-patients-being-sold/
We have seen ransomware go through a couple of phases, with each iteration of malware improving the hackers' options for success. Crysis malware is the latest scourge and can encrypt data, take remote admin control of systems and move data away from an organization. Crysis can be delivered through email or downloaded from websites as part of a download for an installer. http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/crysis-to-take-over-teslacrypt Larger organizations are getting hit on their enterprise share drives; this is no longer a client-only problem.
The ability to pull files away from the infected organization could trigger the data breach threshold. This latest hack has a similar theme: the hacker accessed three health providers' internal systems and "pulled out" hundreds of thousands of complete patient records using RDP. The databases are for sale from $100,000 to $400,000 and are currently not exposed. The hacker wants to give the company a chance to pay the ransom... which is (apparently) less than the retail price shown. How much less?
Insurance policies will cover extortion and ransom demands and have a retainer, so most will fall below the threshold to trigger a payment. But are we entering the next phase, where data ransom payments are negotiated more like ransoms for people? The JIGSAW variant of Ransomware as a Service uses live chat to guide its victims through a speedy payment process and assures them that their data will be restored. http://www.darkreading.com/attacks-breaches/ransomware-now-comes-with-live-chat-support/d/d-id/1325879 If the hacker requests $100,000 more than the client's deductible, the insurer will take the hit. Should healthcare orgs expect premium increases for this popular coverage?
These extensions in the software make it easier to pay with bitcoin, to negotiate amounts and for the hacker to find the right price point for the stolen data. Even then, there is no assurance that your data will not be re-sold or released for others to create a synthetic identity. Medical service fraud is on the rise and consumers are on the hook, unlike with credit card payments. http://medidfraud.org/wpcontent/uploads/2015/02/2014_Medical_ID_Theft_Study1.pdf
Ransomware covers multiple approaches to holding data and companies hostage. The best guidance is to have a business continuity and disaster recovery plan in place; the experts may have a hard time helping you without that. And buy ransom and extortion insurance. It's good value for the price and enables risk transfer when all else fails. Just don't publicize that you have it... it may drive up the cost of your data.