Blogs Home
Tuesday, July 27, 2021 11:00 AM

What Healthcare Organizations Can Learn from the Kaseya Ransomware Attack

Written by Dawn Dorr, Privacy and Security Customer Success


A few weeks ago, the largest global ransomware attack on record occurred, and cyber criminals demanded $70 million in ransoms. While this attack targeted the large-scale global software company, Kaseya, it impacted between 800 and 1,500 businesses of various sizes and industries. The hacker group behind the attack also previously targeted and successfully breached the Las Vegas-based University Medical Center in late June of this year.

It’s clear that a ransomware attack can happen to anyone at any time. Black Book Market Research predicted that cyberattacks on the healthcare industry would triple in 2021. Smart organizations are learning from other’s mistakes and are finally taking cybersecurity more seriously. The same study revealed that the healthcare industry is estimated to spend $134 billion on cybersecurity from 2021 to 2026.

As we move into the second half of the year, healthcare organizations can’t wait until next year to come up with a security strategy you need to act now. Here are six steps you can take right now to protect your organization against cybercriminals.

1. Conduct Regular Backups
Secure backups play a vital role in restoring the functionality of your system and networks if you fall victim to a ransomware attack. Your best solution is to set up automated backups to at least two different methods, each stored in different locations like an off-site server or the virtual cloud.

2. Rethink Your Password
Cybercriminals are masters at cracking passwords. That’s why it’s so important that organizations incorporate robust password security protocols within their cybersecurity strategy. Ensure employees update their passwords regularly and encourage the use of a password generator tool to create stronger passwords.

3. Implement Multi-factor Authentication
Multi-factor authentication makes it more difficult for criminals to steal information or break into your accounts. It’s also a great way to ensure compliance because you have to “prove” you are who you are on multiple devices, which is inherently more difficult for a hacker to do.

4. Train Your Team on Best Practices
We always talk about cybersecurity as an evolving landscape, but what does that really mean to your employees? Maximizing security is everyone’s job, and employees need to be up to date on the latest tactics like avoiding malware, phishing attempts, and other scams. They should also know who to contact if they encounter a security issue or have questions.

5. Perform Network Assessments
HIPAA compliance standards require that you perform regular penetration tests and vulnerability assessments. But really, that’s only the bare minimum. Network assessments should occur whenever there’s a significant change to your data environment to ensure no security gaps are left open.

6. Know When to Call the Experts
You have to remember that cybercriminals aren’t just criminals they’re experts in getting what they want. Your best defense is to have an expert offense. That’s why we’ve partnered with the leaders in cybersecurity to deliver a comprehensive solution, Covalence. Covalence detects suspicious activity on the host, network, or cloud, identifying any abnormal logins. If a hacker were able to bypass authentication, Covalence would see that the login is from a suspicious location, and the experts would jump into action. Additionally, compromise indicators can spot malicious activity on your system or network.

If you need help securing your healthcare organization, request a meeting with our experts. We’ll discuss your current cybersecurity challenges and how you can stay protected against cybercriminals and ransomware attacks.