HealthCareInfoSecurity turned to privacy, cybersecurity and data strategy counsel Jason G. Weiss for his reaction to Magellan Health’s announcement that it was hit by a ransomware attack that involved the exfiltration of certain employee data.
In the article “Ransomware Attackers Exfiltrate Data From Magellan Health,” Weiss commented on the cyberattack, highlighting how cybercriminals' tactics are changing.
He told the publication that the industry is "seeing the evolution into an even more dangerous and chaotic attack scheme against health care providers, government institutions and other business entities where ransomware is no longer the genesis of a cyberattack but just another tool in what I have referred to as the 'disruptionware' toolkit."
"Disruptionware not only has the ability to release ransomware attacks as one of its many malicious tools, but disruptionware can also torment its victims in other ways, such as attacking the victim's infrastructure in an attempt to literally and physically shut down the victim business," he added.
The article further explains that health care entities and other organizations involved in COVID-19 response – and especially research – are increasingly attractive targets for ransomware attacks and other security incidents.
"COVID-19, at least for now, is changing all the typical rules," said Weiss. "There are literally billions, if not trillions of dollars involved in the support of the U.S. and the global economy in a search for a 'cure' for this pandemic. This has made COVID-19 medical research facilities target number one for cybercriminals looking to find and steal whatever information they can in a global race to find a successful vaccine."
To guard against attacks, Weiss advises organizations to "first and foremost, keep your COVID-19 research off the internet. Use isolated networks with no internet connectivity so you can prevent outside attacks. Firewalls are only as valuable as the people who configure them. No cyber defense is full proof except not having connectivity in the first place."
According to Weiss, organizations also must be extremely diligent about preventing insider attacks. For example, these can involve employees "who have either been co-opted or have sold out to the highest bidder in an attempt to make money from cybercriminals looking for someone on 'the inside' to help steal data from these types of research facilities."