Issue link: https://beckershealthcare.uberflip.com/i/1003496
CIO / HEALTH IT

The cost of a data breach in healthcare averages $717k: 5 report findings

By Julie Spitzer

Healthcare cyber insurance claims comprised 18 percent of all cyber claims submitted in 2017, but they represented 28 percent of total breach costs, according to the annual NetDiligence Cyber Claims Study.

For the report, cyber risk management company NetDiligence reviewed cyber liability insurance claims reported across multiple industries and from several insurers to help risk management professionals understand the importance of data security.

Here are five report findings.

1. Healthcare and professional services were the most breached sectors, each representing 18 percent of all breaches.

2. The average cost of a breach was $394,000 — but in healthcare, the cost was much higher at $717,000.

3. Those costs covered crisis services ($249,000), legal defense ($121,000) and legal settlement fees ($255,000).

4. Hackers caused 27 percent of all breaches, while insiders were involved in 25 percent of all incidents.

5. Payment card information (67.2 percent) was most likely to be exposed, followed by protected health information (17 percent) and personally identifiable information (15.7 percent).

Here's how Allscripts recovered from its January ransomware attack: 12 takeaways

By Julie Spitzer

In January, Allscripts clients were locked out of their cloud-based EHRs for days when the security operations center was crippled by a ransomware variant known as SamSam — a favorite among hackers targeting healthcare organizations.

To gain a better understanding of the cyberattack's impact on the EHR vendor, CSO Online spoke with Allscripts about its incident response plan and the lessons it learned throughout the ordeal.

Here are 12 takeaways.

1. Hackers launched SamSam ransomware on Allscripts Jan. 18, 2018, and most customers reported they were offline or dealt with access problems for an entire week. Nearly 1,500 medical practices were affected by the incident.

2. Allscripts' Professional EHR and Electronic Prescriptions for Controlled Substances services were hit hardest. Many customers could access the cloud but not the database.

3. In public comments Allscripts explained services in some regions were restored, although many clients in those areas said they didn't have access. When asked about the conflicting public statements and its clients' reports, the company said: "Allscripts serves a wide range of clients in a variety of individual circumstances. Accordingly, they experienced different effects as a result of this incident. There were a range of circumstances involved with getting particular systems back online and we addressed each of them as quickly as possible."

4. Allscripts began its response by first detecting and identifying the ransomware issue. The EHR vendor then started severing connections with their affected data centers — those in Raleigh, N.C., and Charlotte, N.C. — to contain the attack. The company called in help from Cisco, Mandiant and Microsoft.

5. In a statement provided to CSO Online, Allscripts said hundreds of personnel worked to resolve the attack. It added that the first 24 hours were an "intense swirl of many technical, business and other practical challenges."

6. Allscripts said it prepared employees for various incidents, but it's not clear whether ransomware attacks were a part of their trainings.

7. When CSO Online asked Allscripts how it prepared for a ransomware attack, the company said: "Keep in mind that there were no antivirus signatures available for this SamSam variant at the time it struck Allscripts. This was an entirely new, zero-day variant of SamSam ransomware that had never been identified previously by Cisco, Microsoft or the FBI. We were able to contain it within minutes, and then begin the intense work of restoring those client services that were affected."

8. Threat intelligence experts told CSO Online the best way to defend against SamSam is to understand signatures because endpoint defenses are not enough. Instead, a combination of endpoint defenses, patch management, limiting system functionality and limiting user permissions should be applied.

9. After the vendor identified and contained the threat, Allscripts had to clean and restore its systems before testing them and bringing them back online. Before Allscripts did this work, the company had to ensure it knew how the attack happened and needed to implement extra security layers to prevent similar incidents.

10. While the EHR vendor updated its customers daily — sometimes more — Allscripts CEO Paul Black, in a Jan. 26 letter to customers, explained plans to replicate its Pro EHR across multiple data centers, as well as refreshing the technology "to shorten our recovery time in the event of any future disruption." However, Allscripts told CSO Online it didn't use its replication services to aid in the restoration process.

11. The No. 1 issue with Allscripts' response was communication, according to CSO Online. Updates from support representatives didn't always line up with reports from customers, who grew frustrated with Allscripts. However, the company was being truthful: its services were live, but clients' access was still thwarted.

12. Overall, Allscripts was able to restore its services within 24 hours, even if customers were down or experienced issues for at least six days.