Ransomware attacks such as at South Bend’s Allied Physicians are becoming common

May 25--The recent ransomware attack at Allied Physicians is becoming increasingly common across the country as thieves and even nations are looking for ways to make easy money off businesses and individuals.

In fact, it's becoming so common that all of us should assume our personal information is available to unscrupulous people and take precautions to protect ourselves, according to security experts.

"We've seen a steady increase in data breaches and data security incidents," said Doug Swetnam, section chief of the Indiana attorney general's data privacy and identity theft unit. "The number of cases has been going up about 30 percent each of the past four years."

The thieves who attacked Allied Physicians in South Bend used a variety of ransomware known as SamSam. The 40-physician practice, which operates out of University Commons Medical Plaza across from University Park Mall in Mishawaka, became aware of the attack on May 17 and immediately shut down its network.

In a release issued on Monday, the company said it was able "to restore its data in a secure format without any significant disruption of services to its patients." It also wouldn't say "whether a ransom was paid or, if so, the amount," and it indicated it is working to ensure its personal and protected information was not released.

"The security of our patients' personal and protected health information is foremost in our mind," Shery Roussarie, CEO of Allied Physicians said in the release. "While we make every effort to keep ahead of these types of cyberattacks, we have nevertheless taken additional steps to minimize any such future attack of the type experienced last week."

Allied Physicians said it would provide additional information as necessary in the future, but couldn't say more at this point in time since the investigation is ongoing.

Whether or not Allied Physicians and investigators determine personal information was not gained by the cyber criminals, it would be safest for people to assume that their information was compromised, according to security experts.

"It would be hard to prove that records haven't been made," said Scott Shackelford, a cybersecurity expert and associate professor of business law and ethics at Indiana University's Kelley School of Business.

SamSam works by gaining access to a computer system and encrypting all of the data so that it is useless unless a ransom is paid. Once that happens -- generally with Bitcoin or some other type of cryptocurrency -- thieves provide a key to unlock the data.

"This is only getting worse," said Shackelford, adding that cyberattack tools are available for rent on the dark web -- that portion of the web that generally cannot be accessed by traditional search engines.

Earlier this year, Hancock Regional Hospital in Greenfield, Ind., paid about $50,000 in Bitcoin to get its records back. According to reports, the criminals gained access to the hospital system by using a remote-access portal. Adams Memorial Hospital, southeast of Fort Wayne in Decatur, Ind., also was hit earlier this year along with other healthcare agencies and governments.

Eugene Spafford, a computer science professor at Purdue University and a leading security expert, said such viruses can get into a network when an employee clicks on a link in an unsolicited email. Besides when an employee accidentally opens a door, thieves also get in when the locks are bad or even non-existent -- meaning there are holes in the network software.

Businesses and individuals can protect themselves, Spafford said, by making sure they have good backups of data and that email attachments aren't opened, especially if they're unsolicited. In addition, software should be up to date to ensure windows and doors are properly bolted, and networks should be segregated so that hackers can't just go through your entire house once they break in -- in other words employ locks at each room.

"No matter how they get in, it generally involves negligent behavior," said Spafford, adding that payment of the ransom is no guarantee that you're going to get your files without paying even more ransom or that they won't be destroyed.

The threat of hackers stealing information or encrypting data with ransomware is among the many threats faced by businesses and individuals these days and results in higher costs for those who are vigilant.

Because of the ever-growing threat from hackers, Crowe Horwath and others provide a wide variety of help for businesses, said Jared Hamilton, leader of healthcare cybersecurity for the firm.

"Ransomware is becoming pretty prevalent," said Hamilton. "Payments are usually in the thousands of dollars, not millions. They don't want it so high that it can't be paid."

Among the many services it provides, Crowe actually will test a company's security to see if there are any vulnerabilities, make recommendations on the needed fixes and develop a response plan in the event of an attack, among other things.

The attorney general's office says it is best to assume that we all could come under attack at some point.

"The internet is great, but it's made us accessible to criminals from all over the world," said Swetnam. "And the United States is the main target."

It's recommended that companies spend 10 percent of their IT budget on security, and consider purchasing cyber insurance in the event of a costly incident.

"If you do business in a tough neighborhood, you invest in lights, cameras and other security devices," said Swetnam. "Added security will result in higher costs of doing business and that will ultimately affect all of us."

But to ignore the problem could lead to bigger problems.

"The costs can be significant," he said. "But not to take every precaution could put you out of business."

___

(c)2018 the South Bend Tribune (South Bend, Ind.)

Visit the South Bend Tribune (South Bend, Ind.) at www.southbendtribune.com

Distributed by Tribune Content Agency, LLC.