Tartle Best Data Marketplace
Tartle Best Data Marketplace
Tartle Best Data Marketplace
Tartle Best Data Marketplace
June 16, 2021

Ransomware Attacks Healthcare Data. Cybersecurity and Big Data

Ransomware Attacks Healthcare Data. Cybersecurity and Big Data
BY: TARTLE

Ransomware!

The rise of the digital age has brought with it a lot of benefits. More efficient operations, better data sharing, faster customer service, next day delivery, and access to information at the drop of a hat. However, it also comes with a dark side or two. One of those dark sides is the advent of ransomware. 

Nearly every week there is news of a significant data breach at a major corporation and many of those breaches involve some kind of ransomware. Ransomware comes in various forms. In broad strokes, it is software installed by blackhat hackers that can be used to disable or disrupt that corporation’s operations unless the hackers are paid to remove that software. There are a lot of ways those disruptions can occur. They can lock down your servers, threaten to steal private data, threaten to release said data, threaten to release a virus into your system, or release a virus and then demand payment to get rid of it. 

No matter what form it takes, ransomware is a menace and one that is growing, it currently is tied to about half of the data breaches in the healthcare industry. Given the intimacy of the data there and the importance of hospitals being able to keep their systems running, this is very concerning.

So, how do they get in? There are lots of ways that a creative and malicious hacker can get into a company’s servers. One of the more common and ironic ways they do this is by looking for backdoors in that company’s VPN. Once they are in, it is fairly easy to take control of an entire organization’s data and threaten to delete or release it. What is particularly galling is that they tend to take the ‘nice guy’ approach. The hacker group will email the target organization and just inform them that they noticed there was this problem and some bad things ‘could’ happen. Unless you pay them to ‘fix’ it of course. ‘Hey, buddy, nice servers full of data you have there. Sure would be a shame if something happened to them.’ So, you can pay them, or take a chance that might allow them to delete or release your data. None of those options is good. Paying them just incentivizes the behavior. Letting them delete the data would be a massive loss (unless you have a backup). And of those options, it could be argued pretty convincingly that the release of data is the worst. After all, in that situation, everyone knows that you got hacked and no one believes they can trust you with their data anymore. You could always get your IT department on the job and fix the issue themselves. However, that often takes a lot of time, time that the hackers will most likely not allow. 

Fortunately, the various VPNs that are available are getting on top of this and frantically plugging all those backdoor security holes. However, you actually need to update your software. If you don’t, you miss all those fresh new security updates and you are leaving yourself open to attack. And honestly, if you are being lazy about updating your VPN or antivirus software, then you really only have yourself to blame if you get attacked. Or if your IT department isn’t staying on top of it, get new IT people. The dangers of leaving yourself exposed are not exactly a secret. If the issue isn’t with them, but with the software company not releasing updates fast enough, get your IT people to find new software. There are a lot of options out there. 

One option that you as an individual can take is to sign up with TARTLE. The data we store is double encrypted – we can’t even get at it. That adds security to your data and puts you back in control. Companies can join us as well and include their data as part of the TARTLE data marketplace. That way you are putting your data further out of reach of bad actors and opening up another revenue stream as well. 

What’s your data worth? Sign up and join the TARTLE Marketplace with this link here.

Summary
Ransomware Attacks Healthcare Data. Cybersecurity and Big Data
Title
Ransomware Attacks Healthcare Data. Cybersecurity and Big Data
Description

The rise of the digital age has brought with it a lot of benefits. More efficient operations, better data sharing, faster customer service, next day delivery, and access to information at the drop of a hat. However, it also comes with a dark side or two. One of those dark sides is the advent of ransomware. 

Feature Image Credit: Envato Elements
FOLLOW @TARTLE_OFFICIAL

For those who are hard of hearing – the episode transcript can be read below:

TRANSCRIPT

Speaker 1 (00:07):

Welcome to TARTLE Cast with your hosts, Alexander McCaig and Jason Rigby. Where humanity steps into the future and source data defines the path.

Alexander McCaig (00:24):

Good morning all of our TARTLE listeners, people. Not users, because users are-

Jason Rigby (00:31):

People!

Alexander McCaig (00:31):

Yeah. It's all people.

Jason Rigby (00:33):

People of the world!

Alexander McCaig (00:34):

Users, it's like a drug thing.

Jason Rigby (00:36):

Yeah. It's really cool to see. Here, lately, we've been... I mean, we're almost this month tripled our downloads for Tcast this month compared to last month, which we broke our record last month. So, I just love you guys being on here, and we're breaking records on YouTube. It's Monday morning, some people woke up to being so frantic because they got an email in their inbox saying that their servers are locked down.

Alexander McCaig (01:06):

Yeah. And you're not going to have any access unless you pay us.

Jason Rigby (01:10):

Ransomware.

Alexander McCaig (01:13):

Yeah. Ransom.

Jason Rigby (01:14):

That word ransom.

Alexander McCaig (01:15):

Yeah. If you have a hostage situation, they want a ransom before they shoot the hostage, in most movies.

Jason Rigby (01:23):

Yeah, but for sure in real life too.

Alexander McCaig (01:26):

Yeah. So what we're looking at here is, how does that happen in a digital format? So in case someone wants to know what ransomware is. Most of these things happened with like a VPN. So, you're using an encrypted pipe for your Internet traffic to get into your servers, to make sure that if you have access to this VPN, then you can go in there and start manipulating any sort of data. So the ransomware, what it does is it looks for these backdoor encryption holes in the security, where they can get in there and then take over control of the VPN, which means then they shut off everybody's access to these servers.

Alexander McCaig (02:02):

And then they're the ones that have access to the servers. And the company does not. So then after they'd gained access through this back door security hole, they're like, "Well, do you want this important information to you? You're going to have to pay." This is a hostage situation. "We're holding your data hostaged, your servers, your processing." Where you're like, "Well, crap, I need that." So it's either you pay them or if you don't, then what they're going to do instead... They can shoot the hostage. They can delete all your data or they can expose private information to the public.

Alexander McCaig (02:33):

And then you're really screwed. And for personally identifiable info, a large target of this has been healthcare, healthcare data. And I was wondering, could you hit one of the percentages here that this gentleman, Danny Palmer, wrote about in his article?

Jason Rigby (02:49):

Yes. He said ransomware attacks now to blame for half of healthcare data breaches.

Alexander McCaig (02:54):

Half.

Jason Rigby (02:54):

So when you think about half, and he goes, "As a result, ransomware is now responsible for 46% of healthcare data breaches. More than 35% of all breaches are linked to ransomware attacks resulting in often tremendous financial costs."

Alexander McCaig (03:07):

Yeah. So there's been a security update that's come out to fix these, to patch these security holes in the VPNs, but not all the companies have done this.

Jason Rigby (03:18):

Right.

Alexander McCaig (03:19):

So that tells me that 46% of these companies still leave that hole open. So 46% of all financial healthcare data that's stored on a server, not financial, but healthcare data that's stored on a server is just like it's open fair game for nation state hackers and regular ransomware groups.

Jason Rigby (03:36):

Yeah. And the emails that come out or the way that it's perceived, they look like the nicest hostile situation ever. They're not wearing ski mask and being mean. They're like, "Hey, we noticed this. We're here to help."

Alexander McCaig (03:56):

What does that remind me of? What's that syndrome when you've been a hostage for so long?

Jason Rigby (04:00):

Stockholm syndrome.

Alexander McCaig (04:01):

It's like, "Okay, you are here to help."

Jason Rigby (04:04):

Yeah. "Okay, cool. Yeah, perfect."

Alexander McCaig (04:07):

"Oh, help me." "Yeah. Good."

Jason Rigby (04:07):

"Here here's a million dollars in Bitcoin." I like the double extortion technique, though.

Alexander McCaig (04:12):

Auditing part of your company is just like, "Ah, crap." Like, "How are we going to get all this Bitcoin now?"

Jason Rigby (04:18):

Yeah. Exactly. They said these double extortion techniques [inaudible 00:04:22] extra leverage to force victims of ransomware attacks to give and pay the ransom rather than taking the time to restore the networks themselves. For healthcare, the prospect of data being leaked on the Internet is particularly disturbing. And it can involve sensitive private medical data alongside other forms of identifiable personal information of patients. So, healthcare data is really valuable.

Alexander McCaig (04:40):

Yeah. Because it's also linked to your insurance. It's got your social security. They got to make sure you're a citizen and then where you live, everything you do, what the doctor said about you.

Jason Rigby (04:47):

So if somebody wanted to give their healthcare data as a packet and they wanted to sell that on TARTLE, if somebody is worried about their privacy or fear, because healthcare data is worth a lot. I'm like, yeah, I have my health care file. I would love to be able to sell it and make some money to help the world. But at the same time, I don't want something like this happening.

Alexander McCaig (05:10):

Well, you don't have to worry about ransomware. You're the one taking control. It's not sitting on some third-party server and they lack some quality security for you. It's like, I want to access my information and I want to store it in this data bank, in the TARTLE marketplace, keep it nice and safe. And no one's going to hold the ransomware against me. And also if somebody goes to try and steal it, we have the double encryption algorithm on all of our stuff. We can't read it. Someone on the outside couldn't read it unless they had a specific private key that you would have to then go share this private key with this individual after they've...

Alexander McCaig (05:45):

First of all, you got to hack through the first wall. And then after you're through the first wall on our servers, you got to go into the next one of an individual data packet. And then you got to try and hack that. It is not conducive. You don't have the computational power to do so. That's like saying, "We can falsify the blockchain." It's ridiculous. You should feel safe in knowing that I've taken my data from the healthcare provider and I put it into something that I have control over, and I know that no one's ever even going to be able to read it. Not even TARTLE, who hosts those servers.

Alexander McCaig (06:14):

But for the medical company, they can read whatever they want. They have the ability to go in and just be like, yeah, this is this, this, this, this, this, this. But because we don't have an incentive to look at your data, we can double or triple down on security where other companies don't have the ability to do so. Does that make sense?

Jason Rigby (06:30):

Yeah, no, that makes perfect sense. And I kind of want to close in this. Business leaders, I want you to understand, and this article talks about this, it's leaders-

Alexander McCaig (06:37):

Exudes ties.

Jason Rigby (06:38):

Yeah. All that. Yeah, leaders.

Alexander McCaig (06:39):

"Sign this for me, sir."

Jason Rigby (06:42):

If there's an easy way to protect yourself from falling victim to ransomware and cyber attacks, it's apply the patches when they're released. In fact, you can get a notification, whether it's email or text, that lets you know when a patch is immediately released. And make sure that your IT guys are on this, these patches, that's how they're getting through.

Alexander McCaig (07:01):

If they're not, fire them.

Jason Rigby (07:02):

Yeah. Exactly.

Alexander McCaig (07:03):

Yeah. Otherwise, I don't feel bad for you if you get a lawsuit from the public because you had an experience in credit leak, whatever it might be. You're well deserving that because you were not being responsible.

Jason Rigby (07:14):

Yeah. And then any application that they're no longer getting security updates on, make sure that you-

Alexander McCaig (07:21):

Get a new application.

Jason Rigby (07:21):

Yes. And then, you find a new software.

Alexander McCaig (07:25):

Yeah. Go find a new software. If these people don't want to update anymore, guess what? Get the IT department guys together, okay? We got to retune some wires. We're going to patch this into here because that's not working for us.

Jason Rigby (07:35):

Yeah. Make sure that the software is relevant, that it's releasing patch updates, and then apply them immediately.

Alexander McCaig (07:44):

Yeah. Be responsible, be ethical. And if data's an asset to you, make sure you take care of it properly.

Jason Rigby (07:47):

Because it's people.

Alexander McCaig (07:48):

Do you want to let your car outside unlocked in a rough part of the town? Probably not. With your purse and your cell phone and your wallet on the inside, maybe a social security card, and the trunk's full of cash. You don't just going to park that ad hoc. You're going to make sure you have the best security. You're going to valet that thing. You'd park it deep in the garage and you're also going to make it look like no one can see through the windows. You want to tint that stuff.

Jason Rigby (08:14):

Right.

Alexander McCaig (08:15):

Take those precautionary obvious measures, especially if it's something that is not yours in the first place.

Jason Rigby (08:21):

Yeah. And if you want to have that car that has the tinted windows, that's bulletproof, that's sitting in that perfect secure garage. How would you purchase data through TARTLE?

Alexander McCaig (08:29):

That's great. If you're a data buyer and you want to work with our suite, completely agnostic double encryption system, you can do that by buying healthcare data through TARTLE. You can sign up in about 30 seconds. You can get started as a buyer, and you can look at all that data and you can start to assimilate it. And you can know that it's safely stored over here, rather than you taking up this huge liability over here. And when you go to get it, it's coming from an individual. So they already consented to hand it to you. It's a really nice encrypted, safe, consentful, equitable transaction.

Jason Rigby (09:03):

It's a TARTLE exchange.

Alexander McCaig (09:04):

It's an exchange, as it should be.

Jason Rigby (09:06):

Yes.

Alexander McCaig (09:06):

Yeah.

Jason Rigby (09:07):

Perfect. Thanks, Alex.

Alexander McCaig (09:09):

Hey.

Jason Rigby (09:09):

What?

Alexander McCaig (09:10):

Update your software.

Jason Rigby (09:12):

I will, I will.

Speaker 1 (09:20):

Thank you for listening to TARTLE Cast with your hosts, Alexander McCaig and Jason Rigby. Where humanity steps into the future and the source data defines the path. What's your data worth?