April 23, 2024
Discover how ransomware simulations and developing an incident response plan can help mitigate the disruption of a ransomware attack.
Responding to a cyber incident – a guide for CEOs National Cyber Security Centre
A hotly debated flashpoint in the cybersecurity community is getting renewed attention as healthcare stakeholders work to rebound from a major ransomware attack that’s roiled the U.S. health insurance market over the past month.
The Feb. 21 Change Healthcare ransomware attack carried out by the ALPHV/Blackcat hacking gang has delayed prescription fillings and led to cash crunches at clinics and other facilities. The American Healthcare Association said that 94% of hospitals are signaling financial impact due to the incident, with some providers losing upwards of $1 billion per day in revenues.
Change Healthcare reportedly made a $22 million ransom payment to the hackers. Soon after, the cybercrime collective appeared to stage a fake takedown of their own site. But analysts expect the group to reemerge under a new name.
The U.S. over the past year has been working with international partners to take a firm stance against ransom payments, though surveyed experts have not agreed on a single policy.
Some cyber industry leaders say that paying ransoms should be banned because it emboldens cybercriminals and helps fund more illicit activities, and that, in some cases, paying a ransom does not necessarily guarantee that compromised data will be returned.
Others argue that total bans put too much pressure on victims, and that sometimes payments need to be made in order to recover vital systems, like those seen in hospitals and critical infrastructure.
In a briefing with reporters Monday, the Department of Health and Human Services said it has not yet taken an official position on whether ransom payments should be banned, and later told Nextgov/FCW it would defer to the National Security Council and FBI on the matter.
The White House is maintaining its previously established position that ransoms should not be paid because payment incentivizes cybercriminals to conduct more ransomware attacks.
The Biden administration “strongly discourages paying of ransoms, to stop the flow of funds to these criminals and disincentivize their attacks,” Anne Neuberger, deputy national security advisor for cyber and emerging technology at NSC said in a statement to Nextgov/FCW.
The FBI declined to…
(Moorhead, Minn.) — Clay County officials say they discovered a cyber incident involving personal information relating to individuals the county serves.
According to a letter sent to Clay County residents, the county says they “are not aware of any misuse of any information involved in this incident.” Beginning on December 22, 2023, Clay County mailed notifications to individuals whose protected health information and/or personal information was impacted by this incident.
On October 27, 2023, Clay County determined that its network had been impacted by a ransomware attack that affected the electronic document management system (“CaseWorks”), which is hosted by Clay County and used by other Minnesota County social services entities. Clay County immediately initiated its incident response process and began working with its local information technology partner to investigate, to securely restore operations, and determine the effects of the incident. Clay County also worked with a nationally recognized digital forensics firm to assist with the investigation and notified federal law enforcement and the Minnesota Department of Human Services.
Through the investigation, Clay County determined that there was unauthorized access to its network between October 23, 2023 and October 26, 2023, and that the cyber criminals responsible for this attack took some data from Clay County’s network. As soon as Clay County learned this, it started notifying the other impacted counties and began an extensive review to determine what information may have been involved and who may have been affected, so that we could provide notice.