Change Healthcare, a healthcare-billing services firm, fell victim to a ransomware attack by the BlackCat gang in February. This breach highlighted several key security failures within the organization, including the lack of adequate protection for its Citrix remote-access portal, the absence of mandatory multifactor authentication (MFA) for employees, and the failure to implement a robust backup strategy. As a result of these shortcomings, Change Healthcare suffered a devastating cyber incident that cost its parent company, UnitedHealth, at least $872 million.
The absence of cyber insurance further exacerbated the financial impact of the attack, as UnitedHealth had to bear the full cost of remediation without the support and guidance of a cyber insurer. This incident underscored the importance of having a comprehensive cyber insurance policy in place to mitigate financial losses and leverage the expertise of insurers in navigating the complex landscape of cybersecurity threats. Insursec firms, which provide a combination of insurance and security services, offer valuable insights into effective cybersecurity strategies, such as the importance of backups, MFA, and secure remote-access systems.
The escalating frequency and severity of ransomware attacks in recent years have emphasized the critical need for organizations to implement robust security controls and technologies. According to Jason Rebholz, the Chief Information Security Officer at Corvus Insurance, ransomware incidents have surged, with attackers listing the names of over 1,200 victims on leak sites in the second quarter of 2024. This alarming trend underscores the importance of focusing on specific security measures to prevent and mitigate the impact of cyber incidents.
Cyber insurance has emerged as a best practice for organizations looking to bolster their security posture and financial resilience against cyber threats. A significant majority of security-mature companies have adopted cyber insurance policies, recognizing the value of this proactive approach to managing cyber risks. Insursec firms like At-Bay are at the forefront of driving effective cybersecurity strategies by leveraging data-driven insights to strengthen defenses against evolving threats.
One of the key strategies recommended for companies to defend against ransomware attacks is to prioritize email security and VPN protection. Studies have shown that organizations using secure email systems, such as Google Workspace, experience fewer claims compared to those with on-premise email systems. Similarly, companies relying on self-managed VPNs face a higher likelihood of filing ransomware claims, underscoring the importance of investing in robust security measures to deter cyber threats.
In addition to enhancing email and VPN security, businesses should prioritize backup and disaster recovery strategies to minimize the impact of ransomware incidents. Companies with robust backup policies are significantly less likely to pay ransoms, with Corvus Insurance advocating for a 3-2-1 backup policy as a best practice. By maintaining multiple backups across different types of media and locations, organizations can enhance their resilience and reduce the financial toll of cyber attacks.
Furthermore, the risk posed by third-party breaches has become a growing concern for organizations, with attackers targeting aggregators that have privileged access to multiple companies. Third-party breach events accounted for a substantial portion of cyber insurance claims in the second quarter of 2024, highlighting the need for rigorous vetting and monitoring of third-party partners. By proactively addressing third-party risks and strengthening supply chain security, organizations can better protect themselves against potential disruptions and financial losses.
In conclusion, the ransomware attack on Change Healthcare serves as a stark reminder of the importance of implementing robust security controls, investing in cyber insurance, and prioritizing backup and recovery strategies. By adopting a proactive approach to cybersecurity, businesses can fortify their defenses against evolving threats and mitigate the financial impact of cyber incidents. Embracing best practices such as email security, VPN protection, and third-party risk management will be critical in safeguarding organizations against the growing threat of ransomware and cyber attacks.