Find out if you’re vulnerable to targeted ransomware attacks.

If you thought a once-in-a-lifetime global pandemic would slow down hackers, think again. A blitz of ransomware attacks has plagued the U.S. in recent months — and, unfortunately, the healthcare industry is a prime mark. Read on for the lowdown.

Problem: With their abundance of sensitive patient data ripe for the taking, hospitals and other healthcare facilities remain vulnerable targets, especially during these trying times. Plus, many providers are already operating in crisis mode and strapped for cash, which in turn causes IT concerns to be pushed to the back burner. In addition, the HHS Office of Inspector General (OIG), the Federal Bureau of Investigation (FBI), and others have reported increased cyber activity, including coronavirus phishing, COVID-19 texting scams, and malware infiltrations. And, as ransomware attacks spike, experts warn that the healthcare industry should expect data incidents to increase and prepare accordingly.

Reminder: Covered entities (CEs), their business associates (BAs), and their patients are particularly vulnerable to “targeted” ransomware attacks, the HHS Office for Civil Rights (OCR) stresses in its Cybersecurity Newsletter. “In such incidents, ransomware can be customized and deployed based on the size and sophistication of a potential victim,” explains OCR. “The ransom demands for this type of attack are often set according to the victim’s perceived ability to pay,” the agency adds.

First, Prevent and Mitigate Risks

CEs are required to analyze and manage their risks as part of the HIPAA Security Rule. Not only do they need to follow through on these steps because it is required under the law, but CEs and their partners should do this to protect their patients’ electronic protected health information (ePHI) — and essentially their bottom lines.
Breach prevention starts with a thorough assessment of your organization’s IT practices, software, hardware, training, and more. Next, the information gleaned from the audit is analyzed. This analysis is used to make a compliance plan with the goal of mitigating data security risks and decreasing the chances of HIPAA violations. Finally, your IT staff or vendor implements measures to maintain and manage risks (e.g., password controls, logging and monitoring, patch updates).

Unfortunately, there’s no end to the nefariousness of cyber attackers, and even the savviest tech departments experience data security issues. The key is sifting through the clues that led to the outage while ensuring it doesn’t happen again. “If you’re attacked, get the best information security experts you can afford to see if there is a way out and to keep from damaging any evidence you may need to preserve,” recommends HIPAA expert Jim Sheldon-Dean, founder and director of compliance services at Lewis Creek Systems LLC in Charlotte, Vermont.

Understand the Reasoning Behind a Forensic Investigation

If you find yourself on the wrong side of a cyber attack, the best way to get answers is with an in-depth forensic investigation of your systems. Neither OCR nor the HIPAA Security Rule mandates this kind of check-up, but its findings often reveal things that your IT personnel may have overlooked. “Forensic investigators provide an independent set of investigative eyes,” advises Jen Stone, MCIS, CISSP, CISA, QSA, principal security analyst with Security Metrics in Orem, Utah. “A forensic team is typically engaged if you believe your systems have been compromised but don’t know the extent of the breach, or whether it is a reportable breach under HIPAA rules.” These specially trained teams find answers and uncover the security vulnerabilities that led to the breach in the first place, Stone suggests.
“Even when IT groups believe that they’ve discovered the source of the compromise, forensic investigators routinely find evidence that was missed and the security weaknesses that will, when corrected, prevent the hackers from succeeding the next time,” she explains.

Breach Determines Level of Inquiry

Not every incident deserves a forensic-level examination, but every cyber attack should be investigated, admits Adam Kehler, director of RSP Healthcare Services with Online Business Systems. Why? A closer inspection of the breach will expose the factors that allowed your systems to be compromised. Plus, it will help determine whether a more extensive forensic investigation is necessary, Kehler adds. He suggests that a probe of the case will reveal the answers to these important questions:

Important: “Forensic investigations help you see what went wrong, which vulnerabilities were exploited in the breach, and what you need to do to harden your systems so that it won’t happen again,” Stone says.