The risk of ransomware underscores the importance of compliance.
On August 11, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint Cybersecurity Advisory (CA) warning about Zeppelin ransomware and emphasizing that this particular malware family has focused on the healthcare sector. The highlights of the CA are as follows:
Notably, “[t]he FBI has observed instances where Zeppelin actors executed their malware multiple times within a victim’s network, resulting in the creation of different IDs or file extensions, for each instance of an attack; this results in the victim needing several unique decryption keys.” (emphasis added).
As my colleague, Peter Vogel, recently blogged, “[o]rganizations lack sufficient levels of cyber-insurance coverage to protect themselves in case of a ransomware attack, with just 14% of businesses with 1,400 or fewer employees boasting coverage limits above $600,000.” This is significant because, as the 2022 IBM Cost of a Data Breach Report found, the average cost of a data breach increased from $4.24 million to $4.35 million between 2021 and 2022. Some key takeaways include:
Taken together, these two issues underscore the importance of compliance. One essential preventative measure is continual security training with an emphasis on phishing, spear phishing, and other types of phishing attacks. Another is an annual risk analysis that comprehensively evaluates the relevant technical, administrative, and physical safeguards.
Rachel V. Rose, JD, MBA, advises clients on compliance, transactions, government administrative actions, and litigation involving healthcare, cybersecurity, corporate and securities law, as well as False Claims Act and Dodd-Frank whistleblower cases. She also teaches bioethics at Baylor College of Medicine in Houston. Rachel can be reached through her website, www.rvrose.com.