Ransomware Bootcamp
Resilience is a muscle – training helps you achieve more
MEET OUR SPEAKERS
Industry Thought Leaders
Elissa Doroff
Managing Director, Cyber Product Leader @ Lockton Financial Services
Kurtis Minder
CEO @ GroupSense | Ransomware Strategy & Negotiation
Mac McMillan
CEO & President @ CynergisTek
WE’RE ABOUT RESILIENCE
Experienced Resources:
Consultants average 15 years of experience in cybersecurity, privacy and consulting services. 31% veterans and 50% with direct healthcare experience.
Industry Leader:
Over 10,000 cyber security & privacy assessments completed, meeting multiple regulatory requirements, enabling CynergisTek to be the 1st organization to achieve certification for DoD CMMC Program Third-Party Assessment.
Trusted Partner:
Rated top trusted partner by healthcare CIOs in new KLAS Research report.
Quality Delivered:
A deep reservoir of experience, providing proven best practices, driving efficiencies in engagement, applying benchmarks across organizations and enabling knowledge transfer.
Market Impact:
Over 1,000 healthcare facilities serviced, with an average client tenure of 4+ years.
Technology Enabled:
Agnostic approach to integrating technology to enable managed services through 3rd party strategic relationships and internal development.
YOUR TRUSTED PARTNER AND EXPERT
Developing a responsive, tailored, knowledge-based and comprehensive approach to security and privacy over the last 20 years.
Ransomware: The Broker & The Negotiator
A CYNERGISTEK BOOT CAMP SERIES
YOU CAN’T STOP ATTACKS!
But you can be more resilient by creating the ability to anticipate, withstand, recover from, or adapt to adverse conditions, attacks, or compromises.
• 93%: Healthcare organizations have experienced a data breach over the past three years, and 57 percent have had more than five data breaches during the same time frame. [1]
• $13B: Cost of Data Breaches in US Healthcare Organizations in 2020. [2]
• Expected to see an increase in the death rate among heart patients in the following years because of cybersecurity remediation efforts. [3]
• 3,500: Active US cybersecurity vendors estimated by CyberDB. [4]
• Ransomware impacts included: longer stays, delays in procedures and poor outcomes, patients diverted, complications from medical procedures and increased mortality rates. [5]
[1] Cybersecurity Ventures
[2] Infosecurity Magazine
[3] Vanderbilt University Study
[4] Beckers Hospital Review
[5] 2021 Ponemon Study
BY THE NUMBERS:
[Chart: Cash Reserves, Receipts & Expenses – Per Bed. Series: Reserve, Expenses, Claims, 2 per. Mov. Avg. (Reserve). X-axis: Week, from -2 to 16.]
Normal Operations
• Claims > expenses
• Cash reserves OK
Ransomware Attack
• External & overtime expenses
• Claims processing stops
Chart annotations:
• EHR recovered
• AR recovered
• 1st Claims Submitted
• Cash deficit reaches $100K per bed
• Lost charge capture of 6-10% means hospital will experience a deficit for a year
• IT projects stop
• Capital expenditures impacted
Cyber Insurance
How Ransomware Is Influencing Cyber Insurance
ELISSA DOROFF
Managing Director, Cyber Product Leader at Lockton Financial Services
Elissa is a Managing Director and Cyber Product Leader for Lockton Financial Services, Pacific Series. Based remotely in New York City, Elissa is responsible for leading product and thought leadership for Cyber, Tech E&O, and Media Liability. In addition, she is the lead technical consultant and advises clients and colleagues on best practices in risk mitigation, vendor management, and claims navigation.
• Evolution of “Cyber” Insurance
• Current Coverages and Endorsements
• Application Process
• Claims
• Emerging Risks and Best Practices
AGENDA
AUDIENCE POLL #1
• Do you know if your company purchases cyber insurance?
• We do purchase
• We do not purchase
• I am not sure
CYBER FACTS
• $3.86M: Average cost of data breach
• 96%: Organizations that increased their cybersecurity spending in 2020
• 78%: Respondents expressed a lack of confidence in their company’s IT security posture
• $10.5T: Estimated cost of cybercrime by 2025
• 2,145,013: Phishing sites Google has registered
• 75B: Number of internet connected devices expected by 2025
• $4.2B: Loss reported to FBI’s Internet Crime Complaint Center
• 300,000: Increase in cybercrime complaints received by FBI’s Internet Crime Complaint Center in 2020
Sources: https://www.insight.com/en_US/campaigns/insight/cybersecurity-at-a-crossroads--the-insight-2021-report.html
https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
https://www.tessian.com/blog/phishing-statistics-2020/
https://securitytoday.com/Articles/2020/01/13/The-IoT-Rundown-for-2020.aspx?Page=2
https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf
CYBER FACTS
https://www.ibm.com/security/data-breach
https://secure2.sophos.com/en-us/medialibrary/pdfs/whitepaper/sophos-state-of-ransomware-2021-wp.pdf
https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions
https://www.dlapiper.com/en/us/insights/publications/2021/01/dla-piper-gdpr-fines-and-data-breach-survey-2021/
https://www.ibm.com/downloads/cas/RZAX14GX
https://www.sec.gov/news/press-release/2021-102
• 280 days: Average time to identify and contain a breach
• $1.85M: Average cost to remediate ransomware
• $5B: Penalty imposed on Facebook for privacy practices
• 281,000: Data breach notifications to regulators since GDPR went into effect
• $392M: Average cost of breach involving 50M records or more
• $487,616: Fine imposed by SEC for cybersecurity disclosure control failures
• 1.4M: Reports of identity theft made to FTC
• 11M: Files that every employee in financial services has access to
• 31,000: Sensitive files open to everyone in healthcare organizations
• 21: Average days of downtime from ransomware attack
• <10%: Boards with a dedicated cybersecurity committee
• 24%: Respondents with complete knowledge of where their data is stored
RANSOMWARE IMPACT
Recent study of losses associated with 100 claims.
• Liability to Consumers, Customers and Key Vendors
• Fines and Assessments by Payment Card Industry
• Increased Regulatory Scrutiny
• Breach Notification Requirements
• Business Disruption and Interruption
CYBER THREATS - AN EVOLVING RISK THAT MAKES HEADLINES
TOP RANSOMWARE EVENTS Q1-2021
1. Channel Nine
2. Harris Federation
3. CNA Financial
4. Florida Water System
5. Microsoft Exchange Mass Cyber Attack
6. Sierra Wireless
7. Airplane Manufacturer Bombardier
8. Computer Maker Acer
9. University of the Highlands and Islands
10. Accellion Supply Chain Attack
11. Colonial Pipeline
AUDIENCE POLL #2
Has your company been a victim of a cybersecurity incident?
• Yes
• No
• I am not sure
• Not at liberty to disclose
EVOLUTION OF CYBER INSURANCE
• Late 1990’s: Development of Cyber Insurance Product. Developed out of Technology Liability Coverage.
• Development Continues. Historically, “First Party Coverages” largely sub-limited.
• 2015-2021: Growth in Carriers. Approximately a handful of carriers in the primary space to approximately 200 carriers of cyber insurance in 2021 (though still a handful with dedicated claims teams).
• 2017-2022: GWP Growth. GWP went from $2B in 2017 (growth of approximately 30% year over year) to anticipated $7.5B in 2022.
CYBER COVERAGE EXPLAINED - FIRST AND THIRD PARTY
Cyber and Technology Insurance
First Party Coverage
• Crisis Management
• Notification Expense
• Credit Monitoring
• Forensic Investigations
• Public Relations
• Data Recovery
• Business Interruption and Extra Expense
• Dependent Business Interruption
• System Failure
• Cyber Extortion and Ransomware
Third Party Coverage
• Technology Products and Services
• Privacy and Cyber Security
• Media Liability
• Privacy Regulatory Defense, Awards and Fines
• PCI Fines and Penalties
• Consequential Reputational Harm Coverage
• Social Engineering – Financial Fraud
• Invoice Manipulation Fraud
• Cryptojacking
• Telephone Fraud
• Bricking Coverage
• GDPR/CA and BIPA
• Voluntary Shutdown
EMERGING COVERAGES
PRE-BREACH COLLABORATION
What proactive services are offered?
• Incident Simulation Workshops
• Infrastructure Vulnerability Scans
• Consultative Training With Technology Experts
• Endpoint Detection and Response
• Forensic/Legal and Public Relations Risk Consulting
• Best Practices Workshops
• CISO Trainings and Portfolio Stress Testing
• Dark Web Intelligence
• Network monitoring through various vendors
• Employee Cybersecurity eLearning and Phishing Simulations
Developing Tools
• Application/Financial Information
• Understanding Insured’s Exposures, Risk of Loss and Compliance:
• In what industry does the Insured operate?
• How is cybersecurity managed?
• How are employees trained?
• How important is cybersecurity to management?
• What is predicted biggest loss?
• How is Data Identified, Classified and Stored?
• Regulatory Exposure and Compliance (GDPR, CCPA & BIPA)
• Ransomware Questions
HOW IS CYBER INSURANCE UNDERWRITTEN?
HOW IS CYBER INSURANCE UNDERWRITTEN?
Market Trends – Cyber Rate Increases by Quarter (rates are YoY and compared to prior year)
CYBER CLAIMS NOTIFICATION PROCESS
Step 1: You Are Here. Your company has suffered a security incident. The clock is now ticking. It’s time to do right by your customers, employees, shareholders and others. A quick, effective response may help you avoid lawsuits and regulatory inquiries.
Step 2: Immediately gather your internal team and review your incident response plan. Call the insurance carrier’s dedicated 800 number.
Step 3: Debrief with the claims team member assigned to you. Some important things to cover:
• What type of event?
• Lost device?
• Malicious hacker?
• Disgruntled employee?
Step 4: The Claims Specialist will help you formulate your response:
• Engage pre-approved expert privacy attorneys to determine legal applicability of actions to respond to reporting requirements and maintaining privilege.
• Engage computer forensics to determine existence, cause and scope of breach.
• Do we need to hire a public relations or crisis communications firm?
Step 5: Execute Your Response Plan
THE (POTENTIAL) RANSOMWARE ROADMAP
• Detection
• Engagement of Breach Coach
• Engagement of Negotiation and Payment Firm
• Engagement of PR Firm
• Disclosures, as Required (Law, Contract, Courtesy): Internal/external; Law Enforcement; Individuals; Regulators; Consumer Reporting Agencies; Media; Business Partners
• Mobilization of Incident Response Team
• Engagement of Forensic Investigation: What happened? How did it happen? Is it ongoing? What is the impact and scope of interruption? What information may be at risk as a result of the event?
• Restoration: Backup v. Key
• Engagement of Mailing, Call Center and Credit Monitoring Providers
• Litigation/Claims: Single Plaintiff; Class Action; Regulatory
AUDIENCE POLL #3
Does your organization have a business continuity plan in place?
• Yes
• No
• I am not sure
• We are working on it!
• Understand your data - what it is, where it is, who has access to it, do you need it, etc.
• Understand contractual obligations to secure data and report security incidents.
• Understand legal and regulatory framework applicable to organization and data.
• Conduct a security assessment of your systems.
• Train Employees
• Patch Vulnerabilities
• Operate Up-to-date Software
• Utilize Anti-virus Software
• Utilize Firewalls
• Deploy Endpoint Detection and Response (EDR) Solutions
LEGAL AND TECHNICAL BEST PRACTICES (PRE-INCIDENT)
• Patch VPN
• Enable Multi-factor Authentication
• Manage Password(s)
• Identify and Secure “Crown Jewels”
• Backup Data
• “3-2-1 Method” – 3 Copies in 2 Locations, 1 of Which is Offline
• Develop and Test an Incident Response Plan
• Develop and Test a Business Continuity Plan
• Develop and Enforce a Vendor Management Program
• Purchase Cyber Insurance
LEGAL AND TECHNICAL BEST PRACTICES (PRE-INCIDENT)
CONTINUED…
LEGAL AND TECHNICAL BEST PRACTICES (POST-INCIDENT)
• Mobilize the incident response team.
• Engage counsel to direct the incident response process.
• Work with your broker to ensure timely and compliant notice to the cyber insurance carrier.
• Ensure appropriate messaging is provided at appropriate times to internal and external audiences.
• Appreciate the deadlines and thresholds for reporting events under contract and law.
LEGAL, REGULATORY AND COMMUNICATIONS STRATEGIES MUST WORK IN LOCKSTEP.
Communications Best Practice #1
DO
• DO be prepared for global regulators/elected officials to scrutinize your communications response.
• DO be factual and share what you know, in accordance with legal/regulatory requirements.
DON’T
• DON’T comment or speculate if you don’t know details.
• DON’T communicate in a silo.
THE EARLY BIRD DOESN’T ALWAYS CATCH THE WORM.
Communications Best Practice #2
DO
• DO balance regulatory disclosure requirements with remediating systems and getting the facts right.
• DO be mindful of state, federal and international data breach disclosure laws and timelines, and communicate accordingly.
DON’T
• DON’T proactively share information that may still be fluid (e.g., date range, number impacted).
Questions & Answers
Doroff, Elissa EDoroff@lockton.com
Underwriting, Breach Response, First and Third Party Claims and Emerging Coverages in Cyber and Technology Liability
In The Mind of a Hacker
Real Life Perspectives from a Ransomware Negotiator
Kurtis Minder is the CEO and co-founder of
GroupSense, a leading provider in Digital Risk
solutions. Kurtis built a robust cyber reconnaissance
operation protecting some of the largest enterprises
and government organizations.
Kurtis has been the lead negotiator at GroupSense
for ransomware response cases. He has successfully
navigated and negotiated some of the largest
ransomware, breach, and data extortion cases
world-wide.
With over 20 years in the information security
industry, Kurtis brings a unique blend of technical,
sales and executive acumen.
KURTIS MINDER
CEO at GroupSense
THE HISTORY OF GROUPSENSE
• 2014, STOLEN DATA DETECTION: GroupSense combines forces with FortSec to find stolen data from credit card brands
• 2016, PLAYING IN THE MAJORS: Growing team gets tapped to run cyber intelligence operations for some of the largest security brands
• 2018, GROWTH AND CAPITAL: GroupSense raises their first capital round and makes second acquisition to grow breach notification capability
• 2020, RANSOMWARE: GroupSense becomes the most renowned ransomware negotiation and response firm, continues to grow Digital Risk product
Connected IoMT
There are 430 million connected medical devices worldwide. The number rises every day, creating an expanded attack surface.
Data Management Services
With the adoption of new data management and technologies, the attack surface in healthcare has ballooned. A single attack on Electronic Health Records can have devastating financial effects.
Third-Party Suppliers & Vendors
Third-party suppliers and vendors can lead to cybersecurity challenges. They have direct access and privileges to the hospital’s network and patient data.
Unpatched Systems
Many health care institutions use unpatched or outdated hardware devices and software, which are prone to ransomware attacks.
Network Issues
Health care facilities lack proper segmentation of the network, which can increase the attack surface greatly.
Mergers and Acquisitions (M&A)
It is not uncommon for healthcare organizations to have many mergers and acquisitions. An organization might be more vulnerable if the acquired organization doesn’t have up-to-date records of all its assets.
PITFALLS OF AN EXPANDED ATTACK SURFACE FOR HEALTHCARE ORGANIZATIONS
AUDIENCE POLL #4
Does your current incident response plan account for ransomware events specifically?
• Yes
• No
• I don’t have an IR plan
• What is an IR plan
CYBERSECURITY CHALLENGES
More than a third of healthcare organizations were hit by a
ransomware attack in 2020 and of those, 65% said the
cybercriminals were successful in encrypting their data.
• Cybersecurity STILL is not a priority for many organizations
• Lacking familiarity with cybersecurity issues, nuances
• Difficult to assess risk, measure asset value
• “It won’t happen to me” syndrome
• “We have an incident response plan….”
AUDIENCE POLL #5
Are you familiar with the terms of your Cyber Insurance policy as it relates to data breaches
and ransomware response?
• Yes
• No
• Why? Does it matter?
• I don't have cyber insurance
COMMON MISCONCEPTIONS
• Cyber breaches are covered by general liability insurance or
misunderstanding of Cyber Insurance Policy fine print
• Compliance with industry standards is enough for a security
program
• Overconfidence that organizations won’t be breached
• You can’t prevent a breach (Why try so hard?)
WHY THIS SHOULD BE TAKEN SERIOUSLY
• Revenue Loss
• Brand and Reputation
Damage
• Private Employee
Information
• Patient Information
• Loss of Valuable Data
• Governance Violations and Penalties (i.e., HIPAA)
• Business Disruption
• Legal Consequences
HOW RANSOMWARE BREAKS THINGS
• Most organizations feel prepared for a ransomware attack, e.g., “We have backups,” “We have an incident response plan,” “We have EDR/MDR”
• Brand / PR / Customer fallout is not considered
• Who is in the room? Who is in charge? Who owns the financial component?
• Is the door really locked?
• OFAC?
• Law Enforcement?
• Outcomes…
OTHER CONSIDERATIONS
• Sanctions
• Financial readiness
• Legal and insurance
• Post-breach considerations
• IR Plan / Team / TTX / Preparation
THE DEVASTATING IMPACT OF A RANSOMWARE
ATTACK
AUDIENCE POLL #6
You arrive at work to find you are under a ransomware attack. Everything is down, who do
you call first?
• Ghostbusters
• Mom
• Cyber Insurers
• CISO
• Blue Team
• Incident response firm
RANSOMWARE VICTIM SITE
WORKING WITH LAW ENFORCEMENT
Reporting Ransomware Attacks:
• You should always alert law enforcement (such as the FBI) of a
ransomware attack
• It is not illegal to pay ransom, however the FBI does not support
paying a ransom in response to a ransomware attack
• GroupSense can support follow-on law enforcement and/or legal
responsive actions with hourly costs for time spent
Password Policy
Maintain and publish a password policy for your organization. The
policy should illustrate the importance of password security and
credential use in the organization.
Use a password manager
Use an enterprise-friendly password manager and require employees
to use this as part of the security program.
Enable Multi-Factor Authentication Everywhere Possible
Enable the 2FA or MFA capability on everything used in the business. This includes email, network access, remote access, and any web-based applications.
Email Security and Email Policy
Have a strong policy about using corporate email for personal use.
Restrict access to personal mail on company assets.
Patch
Backups
Keep at least one manual backup of your data offsite in a secure
location.
Secure Remote Access
If remote access is required, use a zero-trust access method or a VPN. Use two-factor authentication.
Digital Risk Protection Services
The indicators of compromise (IOCs) related to malware strains associated with ransomware are quickly and easily available on the internet.
Security Awareness Training
In order to combat threats, the team needs to be made aware of them.
PREPARE – REHEARSE - VALIDATE
LESSONS LEARNED IN THE TRENCHES
Questions & Answers
Visit: www.groupsense.io
1-847-902-3325
Get in touch: www.groupsense.io/contact
kurtis@groupsense.io
Cyber Resilience
How To and Next Steps
• Ransomware attacks cost Healthcare $20.8B in 2020 during the height of the
Pandemic (Becker’s Hospital Review)
• Ransomware attacks contributed to patient diversions, delayed procedures,
negative outcomes and increased mortality rates (Ponemon Institute)
• On average hospitals suffering extended outages (2-3 weeks or more) took more
than 13 months to return to financial positions prior to breach (various)
• Healthcare still today budgets one half to one third what other industries budget
for cyber security despite data’s critical importance (various)
• We need to improve readiness, build greater resilience into our defenses, be more
proactive with security, and avail ourselves of every asset at our disposal
RESPONDING TO RANSOMWARE
Misconceptions & Lessons Learned
GAO STUDY ON CYBER INSURANCE
• Increasing Take-Up – Number of organizations using cyber insurance doubled
• Price Increases – Due to more claims, higher costs, some clients saw 20 – 30% increases in premiums
• Lower Coverage Limits – Healthcare and Education sectors
suffered reduced coverage limits due to increased cyber attacks
• Cyber Specific Policies – More specificity around what is covered,
what is not and greater underwriting requirements
Equates to less, for more, with more restrictions/requirements.
HEALTHCARE CYBERSECURITY IT SPEND FALLING BEHIND
5% of hospital IT budgets go to cybersecurity despite 90+% of hospitals reporting breaches
U.S. Healthcare estimated IT Market Spend in 2020 was $80B [7]:
• Security estimated spend was $4B, while it should have been $12B
• Healthcare is considerably behind all other industries
[Chart: Percent of IT Budget Dedicated to Cybersecurity, 2015 and 2020. Series: HealthCare; Average Spend all Industries. Data labels: 3%, 5%, 10%, 15%.]
• Increased ransomware & threats
• Rising cost of a breach
• Decrease to cyber insurance coverage
• Security budgets will increase
[7] Allied Market Research
THE PROBLEM
Organizations have a fragmented view of enterprise risk
• Expanding Attack Surface
• Numerous Solutions
• Multiple Analysis
• Ineffective Integration
• No Clear View of Strategic Risk
• Output from 100’s of Tools & Solutions
• Multiple Risk Scores & Assessments
• CISO
• Growing Number of Partners
• Operational Tempo
RANSOMWARE IS A PATIENT SAFETY/CARE ISSUE
• Longer length of stays in hospitals
• Delays in procedures and tests have resulted in poorer outcomes
• Increases in patients transferred/diverted to other facilities
• Increased complications from medical procedures
• Increases in Mortality rates
Ponemon Institute 2021: Survey of 597 IT and IT Security Professionals
• Attacks are no longer a matter of if or even of when – they
are now
• The difference between those less impacted is readiness
and time
• Need to move from reactive/compliance based
approaches to proactive security
• Insurance and response are necessary and valuable parts
of the solution
• Increased readiness and resilience should be the focus of
our readiness
WE NEED TO SHIFT OUR PARADIGM
Cyber Resilience
Questions & Answers
cynergistek.com
CynergisTek Resources: Podcast | Videos | Blog
We are here to help!
Thank you.

WSO2
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Dernier (20)

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

CynergisTek’s Ransomware Bootcamp

  • 1. Ransomware Bootcamp: RESILIENCE IS A MUSCLE – TRAINING HELPS YOU ACHIEVE MORE
  • 2. MEET OUR SPEAKERS: INDUSTRY THOUGHT LEADERS. Elissa Doroff, MANAGING DIRECTOR, CYBER PRODUCT LEADER @ LOCKTON FINANCIAL SERVICES. Kurtis Minder, CEO @ GROUPSENSE | RANSOMWARE STRATEGY & NEGOTIATION. Mac McMillan, CEO & PRESIDENT @ CYNERGISTEK. WE’RE ABOUT RESILIENCE
  • 3. YOUR TRUSTED PARTNER AND EXPERT: DEVELOPING A RESPONSIVE, TAILORED, KNOWLEDGE BASED AND COMPREHENSIVE APPROACH TO SECURITY AND PRIVACY OVER THE LAST 20 YEARS. Experienced Resources: Consultants average 15 years of experience in cybersecurity, privacy and consulting services. 31% veterans and 50% with direct healthcare experience. Industry Leader: Over 10,000 cyber security & privacy assessments completed, meeting multiple regulatory requirements enabling CynergisTek to be the 1st organization to achieve certification for DoD CMMC Program Third-Party Assessment. Trusted Partner: Rated top trusted partner by healthcare CIOs in new KLAS Research report. Quality Delivered: A deep reservoir of experience, providing proven best practices, driving efficiencies in engagement applying benchmarks across organizations and enabling knowledge transfer. Market Impact: Over 1000+ healthcare facilities serviced with average client tenure of 4+ years. Technology Enabled: Agnostic approach to integrating technology to enable managed services through 3rd party strategic relationships and internal development.
  • 4. Ransomware: The Broker & The Negotiator. A CYNERGISTEK BOOT CAMP SERIES
  • 5. YOU CAN’T STOP ATTACKS! BUT YOU CAN BE MORE RESILIENT BY CREATING THE ABILITY TO ANTICIPATE, WITHSTAND, RECOVER FROM, OR ADAPT TO ADVERSE CONDITIONS, ATTACKS, OR COMPROMISES. 93% Healthcare organizations have experienced a data breach over the past three years, and 57 percent have had more than five data breaches during the same time frame. [1] Cost of Data Breaches in US Healthcare Organizations in 2020. [2] $13B Expected to see an increase in the death rate among heart patients in the following years because of cybersecurity remediation efforts. [3] Ransomware impacts included: longer stays, delays in procedures and poor outcomes, patients diverted, complications from medical procedures and increased mortality rates. [5] 3,500 Active US cybersecurity vendors estimated by CyberDB. [4] Sources: [1] Cybersecurity Ventures; [2] Infosecurity Magazine; [3] Vanderbilt University Study; [4] Beckers Hospital Review; [5] 2021 Ponemon Study.
  • 6. BY THE NUMBERS: [Chart: Cash Reserves, Receipts & Expenses – Per Bed, by Week; series: Reserve, Expenses, Claims, 2 per. Mov. Avg. (Reserve)] Normal Operations • Claims > expenses • Cash reserves OK. Ransomware Attack • External & overtime expenses • Claims processing stops. EHR recovered. AR recovered. 1st Claims Submitted. Cash deficit reaches $100K per bed. Lost charge capture of 6-10% means hospital will experience a deficit for a year • IT projects stop • Capital expenditures impacted
  • 7. Cyber Insurance: HOW RANSOMWARE IS INFLUENCING CYBER INSURANCE
  • 8. ELISSA DOROFF, MANAGING DIRECTOR, CYBER PRODUCT LEADER AT LOCKTON FINANCIAL SERVICES. Elissa is a Managing Director and Cyber Product Leader for Lockton Financial Services, Pacific Series. Based remotely in New York City, Elissa is responsible for leading product and thought leadership for Cyber, Tech E&O, and Media Liability. In addition, she is the lead technical consultant and advises clients and colleagues on best practices in risk mitigation, vendor management, and claims navigation.
  • 9. AGENDA • Evolution of “Cyber” Insurance • Current Coverages and Endorsements • Application Process • Claims • Emerging Risks and Best Practices
  • 10. AUDIENCE POLL #1 • Do you know if your company purchases cyber insurance? • We do purchase • We do not purchase • I am not sure
  • 11. CYBER FACTS • $3.86M: Average cost of data breach • 96%: Organizations that increased their cybersecurity spending in 2020 • 78%: Respondents expressed a lack of confidence in their company’s IT security posture • $10.5T: Estimated cost of cybercrime by 2025 • 2,145,013: Phishing sites Google has registered • 75B: Number of internet connected devices expected by 2025 • $4.2B: Loss reported to FBI’s Internet Crime Complaint Center • 300,000: Increase in cybercrime complaints received by FBI’s Internet Crime Complaint Center in 2020. Sources: https://www.insight.com/en_US/campaigns/insight/cybersecurity-at-a-crossroads--the-insight-2021-report.html https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/ https://www.tessian.com/blog/phishing-statistics-2020/ https://securitytoday.com/Articles/2020/01/13/The-IoT-Rundown-for-2020.aspx?Page=2 https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf
  • 12. CYBER FACTS • 280 days: Average time to identify and contain a breach • $1.85M: Average cost to remediate ransomware • $5B: Penalty imposed on Facebook for privacy practices • 281,000: Data breach notifications to regulators since GDPR went into effect • $392M: Average cost of breach involving 50M records or more • $487,616: Fine imposed by SEC for cybersecurity disclosure control failures • 1.4M: Reports of identity theft made to FTC • 11M: Files that every employee in financial services has access to • 31,000: Sensitive files open to everyone in healthcare organizations • 21: Average days of downtime from ransomware attack • <10%: Boards with a dedicated cybersecurity committee • 24%: Respondents with complete knowledge of where their data is stored. Sources: https://www.ibm.com/security/data-breach https://secure2.sophos.com/en-us/medialibrary/pdfs/whitepaper/sophos-state-of-ransomware-2021-wp.pdf https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions https://www.dlapiper.com/en/us/insights/publications/2021/01/dla-piper-gdpr-fines-and-data-breach-survey-2021/ https://www.ibm.com/downloads/cas/RZAX14GX https://www.sec.gov/news/press-release/2021-102
  • 13. RANSOMWARE IMPACT: Recent study of losses associated with 100 claims.
  • 14. CYBER THREATS - AN EVOLVING RISK THAT MAKES HEADLINES • Liability to Consumers, Customers and Key Vendors • Fines and Assessments by Payment Card Industry • Increased Regulatory Scrutiny • Breach Notification Requirements • Business Disruption and Interruption
  • 15. TOP RANSOMWARE EVENTS Q1-2021: 1. Channel Nine 2. Harris Federation 3. CNA Financial 4. Florida Water System 5. Microsoft Exchange Mass Cyber Attack 6. Sierra Wireless 7. Airplane Manufacturer Bombardier 8. Computer Maker Acer 9. University of the Highlands and Islands 10. Accellion Supply Chain Attack 11. Colonial Pipeline
  • 16. AUDIENCE POLL #2 Has your company been a victim of a cybersecurity incident? • Yes • No • I am not sure • Not at liberty to disclose
  • 17. EVOLUTION OF CYBER INSURANCE. Timeline: Late 1990’s; 2015-2021; 2017-2022. • Development of Cyber Insurance Product: Developed out of Technology Liability Coverage • Development Continues: Historically, “First Party Coverages” largely sub-limited • Growth in Carriers: Approximately a handful of carriers in the primary space to approximately 200 carriers of cyber insurance in 2021 (though still a handful with dedicated claims teams) • GWP Growth: GWP went from $2B in 2017 (growth of approximately 30% year over year) to anticipated $7.5B in 2022
  • 18. CYBER COVERAGE EXPLAINED - FIRST AND THIRD PARTY. Cyber and Technology Insurance. First Party Coverage: Crisis Management; Notification Expense; Credit Monitoring; Forensic Investigations; Public Relations; Data Recovery; Business Interruption and Extra Expense; Dependent Business Interruption; System Failure; Cyber Extortion and Ransomware. Third Party Coverage: Technology Products and Services; Privacy and Cyber Security; Media Liability; Privacy Regulatory Defense, Awards and Fines; PCI Fines and Penalties.
  • 19. EMERGING COVERAGES • Consequential Reputational Harm Coverage • Social Engineering – Financial Fraud • Invoice Manipulation Fraud • Cryptojacking • Telephone Fraud • Bricking Coverage • GDPR/CA and BIPA • Voluntary Shutdown
  • 20. PRE-BREACH COLLABORATION: What proactive services are offered? • Incident Simulation Workshops • Infrastructure Vulnerability Scans • Consultative Training With Technology Experts • Endpoint Detection and Response • Forensic/Legal and Public Relations Risk Consulting • Best Practices Workshops • CISO Trainings and Portfolio Stress Testing • Dark Web Intelligence • Network monitoring through various vendors • Employee Cybersecurity eLearning and Phishing Simulations. Developing Tools
  • 21. HOW IS CYBER INSURANCE UNDERWRITTEN? • Application/Financial Information • Understanding Insured’s Exposures, Risk of Loss and Compliance: • In what industry does the Insured operate? • How is cybersecurity managed? • How are employees trained? • How important is cybersecurity to management? • What is predicted biggest loss? • How is Data Identified, Classified and Stored? • Regulatory Exposure and Compliance (GDPR, CCPA & BIPA) • Ransomware Questions
  • 22. HOW IS CYBER INSURANCE UNDERWRITTEN? Market Trends – Cyber Rate Increases by Quarter (rates are YoY and compared to prior year)
  • 23. CYBER CLAIMS NOTIFICATION PROCESS • What type of event? • Lost device? • Malicious hacker? • Disgruntled employee? • Engage pre-approved expert privacy attorneys to determine legal applicability of actions to respond to reporting requirements and maintaining privilege. • Engage computer forensics to determine existence, cause and scope of breach. • Do we need to hire a public relations or crisis communications firm? Step 1 Step 2 Step 3 Step 4 Step 5 The Claims Specialist will help you formulate your response: Debrief with the claims team member assigned to you. Some important things to cover: Immediately gather your internal team and review your incident response plan. Call the insurance Carrier’s dedicated 800 number. You Are Here: Your company has suffered a security incident. The clock is now ticking. It’s time to do right by your customers, employees, shareholders and others. A quick, effective response may help you avoid lawsuits and regulatory inquiries. Execute Your Response Plan
  • 24. THE (POTENTIAL) RANSOMWARE ROADMAP • Detection • Engagement of Breach Coach • Engagement of Negotiation and Payment Firm • Engagement of PR Firm • Disclosures, as Required (Law, Contract, Courtesy): Internal/external; Law Enforcement; Individuals; Regulators; Consumer Reporting Agencies; Media; Business Partners • Mobilization of Incident Response Team • Engagement of Forensic Investigation: What happened? How did it happen? Is it ongoing? What is the impact and scope of interruption? What information may be at risk as a result of the event? • Restoration: Backup v. Key • Engagement of Mailing, Call Center and Credit Monitoring Providers • Litigation/Claims: Single Plaintiff; Class Action; Regulatory
  • 25. AUDIENCE POLL #3 Does your organization have a business continuity plan in place? • Yes • No • I am not sure • We are working on it!
  • 26. LEGAL AND TECHNICAL BEST PRACTICES (PRE-INCIDENT) • Understand your data - what it is, where it is, who has access to it, do you need it, etc. • Understand contractual obligations to secure data and report security incidents. • Understand legal and regulatory framework applicable to organization and data. • Conduct a security assessment of your systems. • Train Employees • Patch Vulnerabilities • Operate Up-to-date Software • Utilize Anti-virus Software • Utilize Firewalls • Deploy Endpoint Detection and Response (EDR) Solutions
  • 27. LEGAL AND TECHNICAL BEST PRACTICES (PRE-INCIDENT) CONTINUED… • Patch VPN • Enable Multi-factor Authentication • Manage Password(s) • Identify and Secure “Crown Jewels” • Backup Data • “3-2-1 Method” – 3 Copies in 2 Locations, 1 of Which is Offline • Develop and Test an Incident Response Plan • Develop and Test a Business Continuity Plan • Develop and Enforce a Vendor Management Program • Purchase Cyber Insurance
  • 28. LEGAL AND TECHNICAL BEST PRACTICES (POST-INCIDENT) • Mobilize the incident response team. • Engage counsel to direct the incident response process. • Work with your broker to ensure timely and compliant notice to the cyber insurance carrier. • Ensure appropriate messaging is provided at appropriate times to internal and external audiences. • Appreciate the deadlines and thresholds for reporting events under contract and law.
  • 29. LEGAL, REGULATORY AND COMMUNICATIONS STRATEGIES MUST WORK IN LOCKSTEP. COMMUNICATIONS BEST PRACTICE #1 • DON’T comment or speculate if you don’t know details. • DO be prepared for global regulators/elected officials to scrutinize your communications response. • DO be factual and share what you know, in accordance with legal/regulatory requirements. • DON’T communicate in a silo.
  • 30. THE EARLY BIRD DOESN’T ALWAYS CATCH THE WORM. COMMUNICATIONS BEST PRACTICE #2 • DON’T proactively share information that may still be fluid (e.g., date range, number impacted). • DO balance regulatory disclosure requirements with remediating systems and getting the facts right. • DO be mindful of state, federal and international data breach disclosure laws and timelines, and communicate accordingly.
  • 31. Questions & Answers. Doroff, Elissa, EDoroff@lockton.com. Underwriting, Breach Response, First and Third Party Claims and Emerging Coverages in Cyber and Technology Liability
  • 32. In The Mind of a Hacker: REAL LIFE PERSPECTIVES FROM A RANSOMWARE NEGOTIATOR
  • 33. KURTIS MINDER, CEO AT GROUPSENSE. Kurtis Minder is the CEO and co-founder of GroupSense, a leading provider in Digital Risk solutions. Kurtis built a robust cyber reconnaissance operation protecting some of the largest enterprises and government organizations. Kurtis has been the lead negotiator at GroupSense for ransomware response cases. He has successfully navigated and negotiated some of the largest ransomware, breach, and data extortion cases world-wide. With over 20 years in the information security industry, Kurtis brings a unique blend of technical, sales and executive acumen.
  • 34. THE HISTORY OF GROUPSENSE. Timeline: 2014, 2016, 2018, 2020. • STOLEN DATA DETECTION: GroupSense combines forces with FortSec to find stolen data from credit card brands • PLAYING IN THE MAJORS: Growing team gets tapped to run cyber intelligence operations for some of the largest security brands • GROWTH AND CAPITAL: GroupSense raises their first capital round and makes second acquisition to grow breach notification capability • RANSOMWARE: GroupSense becomes the most renowned ransomware negotiation and response firm, continues to grow Digital Risk product
  • 35. PITFALLS OF AN EXPANDED ATTACK SURFACE FOR HEALTHCARE ORGANIZATIONS • Connected IoMT: There are 430 million connected medical devices worldwide. The number rises every day, creating an expanded attack surface. • Data Management Services: With the adoption of new data management and technologies, the attack surface in healthcare has ballooned. A single attack on Electronic Health Records can have devastating financial effects. • Third-Party Suppliers & Vendors: Third-party suppliers and vendors can lead to cybersecurity challenges. They have direct access and privileges to the hospital’s network and patient data. • Unpatched Systems: Many health care institutions use unpatched or outdated hardware devices and software, which are prone to ransomware attacks. • Network Issues: Health care facilities lack proper segmentation of the network, which can increase the attack surface greatly. • Mergers and Acquisitions (M&A): It is not uncommon for healthcare organizations to have many mergers and acquisitions. An organization might be more vulnerable if the acquired organization doesn’t have up-to-date records of all its assets.
  • 36. AUDIENCE POLL #4 Does your current incident response plan account for ransomware events specifically? • Yes • No • I don’t have an IR plan • What is an IR plan
  • 37. CYBERSECURITY CHALLENGES More than a third of healthcare organizations were hit by a ransomware attack in 2020 and of those, 65% said the cybercriminals were successful in encrypting their data. • Cybersecurity STILL is not a priority for many organizations • Lacking familiarity with cybersecurity issues, nuances • Difficult to assess risk, measure asset value • “It won’t happen to me” syndrome • “We have an incident response plan….”
  • 38. AUDIENCE POLL #5 Are you familiar with the terms of your Cyber Insurance policy as it relates to data breaches and ransomware response? • Yes • No • Why? Does it matter? • I don't have cyber insurance
  • 39. COMMON MISCONCEPTIONS • Cyber breaches are covered by general liability insurance or misunderstanding of Cyber Insurance Policy fine print • Compliance with industry standards is enough for a security program • Overconfidence that organizations won’t be breached • You can’t prevent a breach (Why try so hard?)
  • 40. WHY THIS SHOULD BE TAKEN SERIOUSLY • Revenue Loss • Brand and Reputation Damage • Private Employee Information • Patient Information • Loss of Valuable Data • Governance Violations and Penalties (i.e., HIPAA) • Business Disruption • Legal Consequences
  • 41. HOW RANSOMWARE BREAKS THINGS • Most organizations feel prepared for a ransomware attack, e.g., “We have backups”, “We have an incident response plan.” “We have EDR/MDR” • Brand / PR / Customer fallout is not considered • Who is in the room? Who is in charge? Who owns the financial component? • Is the door really locked? • OFAC? • Law Enforcement? • Outcomes…
  • 42. OTHER CONSIDERATIONS • Sanctions • Financial readiness • Legal and insurance • Post-breach considerations • IR Plan / Team / TTX / Preparation
  • 43. THE DEVASTATING IMPACT OF A RANSOMWARE ATTACK
  • 44. AUDIENCE POLL #6 You arrive at work to find you are under a ransomware attack. Everything is down, who do you call first? • Ghostbusters • Mom • Cyber Insurers • CISO • Blue Team • Incident response firm
  • 45.
  • 47. WORKING WITH LAW ENFORCEMENT Reporting Ransomware Attacks: • You should always alert law enforcement (such as the FBI) of a ransomware attack • It is not illegal to pay ransom, however the FBI does not support paying a ransom in response to a ransomware attack • GroupSense can support follow-on law enforcement and/or legal responsive actions with hourly costs for time spent
  • 48. PREPARE – REHEARSE - VALIDATE • Password Policy: Maintain and publish a password policy for your organization. The policy should illustrate the importance of password security and credential use in the organization. • Use a password manager: Use an enterprise-friendly password manager and require employees to use this as part of the security program. • Enable Multi-Factor Authentication Everywhere Possible: Enable the 2FA or MFA capability on everything used in the business. This includes email, network access, remote access, and any web-based applications. • Email Security and Email Policy: Have a strong policy about using corporate email for personal use. Restrict access to personal mail on company assets. • Patch • Backups: Keep at least one manual backup of your data offsite in a secure location. • Secure Remote Access: If remote access is required, use a zero-trust access method or a VPN. Use two-factor authentication. • Digital Risk Protection Services: The indicators of compromise (IOCs) related to malware strains associated with ransomware are quickly and easily available on the internet. • Security Awareness Training: In order to combat threats, the team needs to be made aware of them.
  • 49. LESSONS LEARNED IN THE TRENCHES
  • 50. Questions & Answers Visit: www.groupsense.io 1-847-902-3325 Get in touch: www.groupsense.io/contact kurtis@groupsense.io
  • 51. Cyber Resilience: HOW TO AND NEXT STEPS
  • 52. RESPONDING TO RANSOMWARE: MISCONCEPTIONS & LESSONS LEARNED • Ransomware attacks cost Healthcare $20.8B in 2020 during the height of the Pandemic (Becker’s Hospital Review) • Ransomware attacks contributed to patient diversions, delayed procedures, negative outcomes and increased mortality rates (Ponemon Institute) • On average hospitals suffering extended outages (2-3 weeks or more) took more than 13 months to return to financial positions prior to breach (various) • Healthcare still today budgets one half to one third what other industries budget for cyber security despite data’s critical importance (various) • We need to improve readiness, build greater resilience into our defenses, be more proactive with security, and avail ourselves of every asset at our disposal
  • 53. GAO STUDY ON CYBER INSURANCE • Increasing Take-Up – Number of organizations using cyber insurance doubled • Price Increases – Due to more claims, higher costs, some clients saw 20 – 30% increases in premiums • Lower Coverage Limits – Healthcare and Education sectors suffered reduced coverage limits due to increased cyber attacks • Cyber Specific Policies – More specificity around what is covered, what is not and greater underwriting requirements. Equates to less, for more, with more restrictions/requirements.
  • 54. HEALTHCARE CYBERSECURITY IT SPEND FALLING BEHIND: 5% OF HOSPITAL IT BUDGETS GO TO CYBERSECURITY DESPITE 90+% OF HOSPITALS REPORTING BREACHES. U.S. Healthcare estimated IT Market Spend in 2020 was $80B [7]: • Security estimated spend was $4B, while it should have been $12B • Healthcare is considerably behind all other industries. [Chart: Percent of IT Budget Dedicated to Cybersecurity, 2015 and 2020; series: HealthCare, Average Spend all Industries; data labels: 3%, 5%, 10%, 15%] • Increased ransomware & threats • Rising cost of a breach • Decrease to cyber insurance coverage • Security budgets will increase. [7] Allied Market Research
  • 55. 55 THE PROBLEM O R G A N I Z A T I O N S H A V E A F R A G M E N T E D V I E W O F E N T E R P R I S E R I S K Expanding Attack Surface Numerous Solutions Multiple Analysis Ineffective Integration No Clear View of Strategic Risk Output from 100’s ofTools & Solutions Multiple Risk Scores & Assessments CISO Growing Number of Partners Operational Tempo
  • 56. RANSOMWARE IS A PATIENT SAFETY/CARE ISSUE • Longer length of stays in hospitals • Delays in procedures and tests have resulted in poorer outcomes • Increases in patients transferred/diverted to other facilities • Increased complications from medical procedures • Increases in mortality rates Source: Ponemon Institute 2021: Survey of 597 IT and IT Security Professionals
  • 57. WE NEED TO SHIFT OUR PARADIGM: CYBER RESILIENCE • Attacks are no longer a matter of if or even of when – they are now • The difference between those less impacted is readiness and time • Need to move from reactive/compliance based approaches to proactive security • Insurance and response are necessary and valuable parts of the solution • Increased readiness and resilience should be our focus
  • 59. cynergistek.com CYNERGISTEK RESOURCES: PODCAST | VIDEOS | BLOG We are here to help! Thank you.

Editor's notes

  1. Elle-issa Door-off Kurtis Min-der
  2. Cyberattacks on health care systems spiked during the pandemic, threatening patient care and private data and cost healthcare organizations about $20.8B in lawsuits, ransom paid, lost revenue, fees to rebuild lost data and more.
  3. Australian broadcaster Channel Nine was hit by a cyber attack on 28th March 2021, which rendered the channel unable to air its Sunday news bulletin and several other shows. With the unavailability of internet access at its Sydney headquarters, the attack also interrupted operations at the network’s publishing business as some of the publishing tools were also down. Although the channel first claimed that the inconvenience was just due to “technical difficulties”, it later confirmed the cyber attack. In March 2021, the London-based Harris Federation suffered a ransomware attack and was forced to “temporarily” disable the devices and email systems of all the 50 secondary and primary academies it manages. This resulted in over 37,000 students being unable to access their coursework and correspondence. One of the biggest cyber insurance firms in the US, CNA Financial, suffered a ransomware attack on 21st March 2021. The cyber attack disrupted the organization’s customer and employee services for three days as CNA was forced to shut down to prevent further compromise. The cyber attack utilized a new version of the Phoenix CryptoLocker malware, which is a form of ransomware. A cyber criminal attempted to poison the water supply in Florida and managed to increase the amount of sodium hydroxide to a potentially dangerous level. The cyber criminal was able to breach Oldsmar’s computer system and briefly increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million. A mass cyber attack affected millions of Microsoft clients around the globe, wherein threat actors actively exploited four zero-day vulnerabilities in Microsoft’s Exchange Server. It is believed that nine government agencies, as well as over 60,000 private companies in the US alone, were affected by the attack.
On 20th March 2021, the multinational IoT device manufacturer Sierra Wireless was hit by a ransomware attack against its internal IT systems and had to halt production at its manufacturing sites. Its customer-facing products weren’t affected, and the company was able to resume production in less than a week.  A popular Canadian plane manufacturer, Bombardier, suffered a data breach in February 2021. The breach resulted in the compromise of the confidential data of suppliers, customers and around 130 employees located in Costa Rica. The investigation revealed that an unauthorized party had gained access to the data by exploiting a vulnerability in a third-party file-transfer application. Also, the stolen data was leaked on the site operated by the Clop ransomware gang. The globally renowned computer giant Acer suffered a ransomware attack and was asked to pay a ransom of $50 million, which made the record of the largest known ransom to date. It is believed that a cyber criminal group called REvil is responsible for the attack. The threat actors also announced the breach on their site and leaked some images of the stolen data. A cyber attack targeted the University of the Highlands and Islands (UHI), forcing the university to close all its 13 colleges and research institutions to students for a day. Security professionals uncovered that the attack was launched using Cobalt Strike, a penetration testing toolkit commonly used by security researchers for legitimate purposes. This incident is just another in a series of cyber attacks targeting the education sector.  Security software provider Accellion fell victim to a breach targeting its file transfer system FTA. Many of its clients were affected by the breach. Some high-profile organizations that got caught in the crossfire include grocery giant Kroger, telecom industry leader Singtel, the University of Colorado, cyber security firm Qualys and the Australian Securities and Investments Commission (ASIC). 
A lot of confidential and sensitive data stolen from various companies by exploiting the vulnerabilities in Accellion’s FTA tool was leaked online. Just last week, Colonial Pipeline fell prey to a ransomware attack causing it to shut down operations for just over 5 days. The voluntary shutdown by Colonial Pipeline, which controls nearly half the gasoline, jet fuel and diesel flowing along the East Coast, was done in order to further prevent malware that had infected its back-office functions from spreading into the pipeline’s operating system. It is believed that even after paying an extortion demand of $5M in digital currency, the company found that the process of decrypting its data and turning the pipeline back on was painfully slow.
  4. Slide 2: She wants a slide about GroupSense. You will be introduced and she wants to go into a little bit of detail on the company.  Slide 7: She doesn't want healthcare stats - the audience will be hit with them a lot before you come on.  Slide 8: She loved slide 8. Changed Medical Devices to IoMT in the header. She also loved the third-party supplier's piece. Focus on the severity of a ransomware attack - it's not just a business impact. People/patients are dying when a ransomware attack hits healthcare organizations.  Slides 14-16: They are going to want to hear stories of attacks.  Slide 18: Tie these keywords into the narrative of this slide: prepare, rehearse, and validate - they will tie nicely into their services. I changed the title of this slide - we can change it back if it doesn't work.  Slide 19: Can you focus on the word "resilient" and the message that it is better to be prepared and do the work upfront? The CEO will go after you and he'll hit that home and tie back to your presentation. 
  5. Ransomware attacks don’t just disrupt business – when a ransomware attack hits a healthcare organization – people/patients die. “Almost a quarter of healthcare organizations that were hit with a ransomware attack in the last two years said they had increases in patient death rates in the aftermath, according to a new report sponsored by cybersecurity company Censinet.” The survey, in conjunction with Censuswide, looked at perspectives of over 2,000 potential patients in various industries and 400 IT professionals working in healthcare organizations from across the United States. Rising Healthcare Attacks 33% of potential patients stated that they have been the victim of a healthcare cybersecurity attack. Business Impact is Staggering 49% of potential patients said that they would change hospitals if their healthcare organization was hit by a ransomware attack. Healthcare Critical Infrastructure Attacks Hospitals are one of the biggest cybersecurity risks (49%), followed by the risk of inputting information into an online portal (31%), and staying in a hospital room with connected devices (17%).
  6. Data from Sophos
  7. Stats from earlier slide might be helpful: 2020 total downtime from ransomware attacks on the healthcare industry is an estimated 1,669 days. The healthcare industry lost an estimated $25 billion to ransomware attacks in 2019. More than 93% of healthcare organizations experienced a data breach in the past three years. The average bill to recover after a ransomware attack was almost $1.3 million for the healthcare industry. 2020 Healthcare attacks involved the theft or exposure of the protected health information of at least 18,069,012 patients.
  8. A brief case study that outlines your role in dealing with ransomware actors Discuss how you interface with the corporate victim, law enforcement, and the ransomware actors, and the challenges of dealing with each group
  9. What you have learned about the ransomware actors: Structure and modus operandi Their knowledge of the corporate victim What approaches have been successful (and what you consider to be a success in this area)
  10. Recommendations for how law enforcement should deal with ransomware actors during the active case, and during the subsequent investigation
  11. Tie these keywords into the narrative of this slide: prepare, rehearse, and validate - they will tie nicely into their services.
  12. Being resilient – doing things up front. CynergisTek CEO will tie into this after he goes after you
  13. Not prepared for what is happening. Cybercriminals are taking advantage of hospitals and medical practices focused on COVID-19. The 2020-2021 Healthcare Cybersecurity Report is sponsored by Herjavec Group, a leading global cybersecurity advisory firm and Managed Security Services Provider (MSSP) with offices across the United States, Canada, and the United Kingdom. – Steve Morgan, Editor-in-Chief Sausalito, Calif. – Sep. 8, 2020 Healthcare spending in the U.S. — which is the highest among developed countries — accounts for 18 percent of the nation’s gross domestic product, or about $3.5 trillion, according to the Centers for Medicare & Medicaid Services, and that figure is projected to soar over the next decade. One report predicts that global healthcare spending will rise from nearly $8 trillion (USD) in 2013 to more than $18 trillion in 2040. By and large, the tantalizing target on healthcare’s back has been attributable to outdated IT systems, fewer cybersecurity protocols and IT staff, valuable data, and the pressing need for medical practices and hospitals to pay ransoms quickly to regain data. Cybersecurity Ventures predicts the global healthcare cybersecurity market will grow by 15 percent year-over-year over the next five years, and reach $125 billion cumulatively over a five-year period from 2020 to 2025. What’s driving this astronomical investment into cyber defense? Cyber offense. Namely, a vast number of wide-ranging hacks and data breaches launched on hospitals and healthcare providers. A year ago, well before the COVID-19 pandemic, The Wall Street Journal reported that cyberattacks on healthcare providers and hospitals had intensified to the point where some doctors were turning away patients. But wait, it gets worse. 
Some healthcare centers turned off their lights and pulled the plug on their operations altogether. Apparently they couldn’t handle the post-attack disruption to their operations. A medical clinic in Simi Valley, Calif. shut its doors after being infected by a ransomware attack. An ear, nose, throat (ENT) and hearing center in Battle Creek, Mich. closed after a data hack wiped out all of its files. “Healthcare organizations experience very particular security challenges and it’s not because the cyberattacks are unique, but because of what’s at stake,” says Robert Herjavec, founder and CEO of Herjavec Group, a leading global cybersecurity firm and Managed Security Services Provider (MSSP). IoT insecurity. Kathy Hughes, CISO (chief information security officer) at Northwell Health, one of the nation’s largest healthcare systems, told Cybercrime Magazine that IoT (Internet of Things) devices are, in her opinion, computers with operating systems (OS), similar to other types of computers — and those devices are susceptible to the same cyber threats. She added that IoT devices have a small OS and that security is a bolt-on rather than built-in. Inside jobs. The insider threat is the number one security challenge for hospitals, according to Hughes, who is responsible for protecting 68,000 employees, which makes Northwell, a non-profit, New York state’s largest private employer. More than half of insider fraud incidents within the healthcare sector involve the theft of customer data, according to CMU SEI (Carnegie Mellon University Software Engineering Institute). COVID-19. Hacking patients’ medical devices is a common cyberattack during the COVID-19 pandemic because more patients are using remote care, according to Natali Tshuva, CEO and co-founder of Sternum, an IoT cybersecurity company that provides medical device manufacturers with built-in security solutions. 
The temporary and makeshift medical facilities being used to care for people infected with the novel coronavirus have created more vulnerabilities for hackers to exploit. COVID-19 phishing exploded earlier this year, according to research from KnowBe4, a leading security awareness training provider. Many of the scams seemed to come from organizations such as the World Health Organization and the Centers for Disease Control. Already overburdened healthcare IT and cybersecurity teams have been tasked to keep up on these new threats. Healthcare Cybersecurity Statistics: To sum up the state of cybersecurity in the healthcare industry, the editors at Cybercrime Magazine have compiled the following data points: Cybersecurity Ventures predicts that healthcare will suffer 2-3X more cyberattacks in 2021 than the average amount for other industries. Woefully inadequate security practices, weak and shared passwords, plus vulnerabilities in code, expose hospitals to perpetrators intent on hacking treasure troves of patient data. Ransomware attacks on healthcare organizations were predicted to quadruple between 2017 and 2020, and will grow to 5X by 2021, according to a report from Cybersecurity Ventures. The Secretary of U.S. Department of Health and Human Services (HHS) Breach of Unsecured Protected Health Information lists 592 breaches of unsecured protected health information affecting 500 or more individuals within the last 24 months that are currently under investigation by the Office for Civil Rights. 306 of the breaches were submitted in 2020. In last year’s edition of the HIMSS Cybersecurity Survey, nearly 60 percent of hospital representatives and healthcare IT professionals in the U.S. said that email was the most common point of information compromise. This refers to phishing scams and other forms of email fraud. 24 percent of U.S. 
health employees have never received cybersecurity awareness training, but felt they should have, according to a report analyzed by Health IT Security last summer. This type of training is aimed at helping users detect and react to phishing scams, which initiate more than 90 percent of all cyberattacks. More than 93 percent of healthcare organizations have experienced a data breach over the past three years, and 57 percent have had more than five data breaches during the same time frame. While 91 percent of hospital administrators considered the security of data as a top focus last year, 62 percent felt inadequately trained and/or unprepared to mitigate cyber risks that may impact their hospital, according to research from Abbott. Hospitals spend 64 percent more annually on advertising after a breach over the following two years, according to a Dec. 2018 report from the American Journal of Managed Care. Four to seven percent of a health system’s IT budget is in cybersecurity, compared to about 15 percent for other sectors such as the financial industry, according to Lisa Rivera, a former federal prosecutor who is now focused on advising healthcare providers and medical device companies on matters related to civil and criminal healthcare fraud and abuse, as well as government investigations and enforcement. IT research firm Gartner predicts that in 2020, more than 25 percent of cyberattacks in healthcare delivery organizations will involve the Internet of Things (IoT). To be clear, in medical terms, that means wirelessly connected and digitally monitored implantable medical devices (IMDs) — such as cardioverter defibrillators (ICD), pacemakers, deep brain neurostimulators, insulin pumps, ear tubes, and more. Research from Oct. 2018 indicates that medical devices had an average of 6.2 vulnerabilities each; 60 percent of medical devices were at end-of-life stage, with no patches or upgrades available. 
Cybersecurity blogger and author Brian Krebs reported late last year that hospitals hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts. This is according to a study by Vanderbilt University.