The Changing Cyber Risks Faced by Senior Living Communities
When managing risk in senior living environments, the focus has traditionally been on physical safety, professional errors, contractual liability, and other forms of risk. However, today’s rapidly changing risk landscape calls for a comprehensive enterprise risk management approach that includes cybersecurity. Cyber threats can have a significant impact on an organization’s bottom line, brand reputation, and, most importantly, resident safety.
Cyber threat actors (bad actors) use multiple attack strategies, with ransomware being the preferred method. Ransomware is often spread through phishing emails and, once inside a network, it can quickly lock down all data, including devices, servers, phones, and other integral parts of an organization. The attackers then demand large sums of money in exchange for the release of data. Refusal to pay may result in the destruction or release of sensitive data. This can lead to legal costs, business interruption, IT forensics investigation costs, regulatory fines, and other expenses.
For senior living environments, the impact of ransomware attacks can be especially devastating. According to Cisa.gov the average ransom payment was $322,168, and the average downtime was 20 days. This could result in critical life-supporting medical devices and electronic medical record systems becoming inaccessible, jeopardizing the safety and care of residents.
Preventing and Mitigating Ransomware Attacks
To prevent and mitigate ransomware attacks, it is crucial to have a comprehensive understanding of an organization’s environment and its specific security gaps. The FBI recommends the following measures:
- Regularly backing up data and storing copies offline.
- Implementing network segmentation.
- Implementing a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location.
- Installing updates and patches for operating systems, software, and firmware as soon as they are released.
- Using multifactor authentication with strong passwords.
- Disabling unused remote access and remote desktop protocol ports.
- Auditing user accounts with administrative privileges and configuring access controls with the least privilege in mind.
- Installing and regularly updating anti-virus and anti-malware software on all hosts.
- Avoiding using public Wi-Fi networks and considering using a VPN.
- Providing cybersecurity awareness and training from a reputable source.
Transferring Cyber Risk
Cyber insurance can offer solutions to transfer risks associated with ransomware and other cyber threats. However, policy terms and conditions can vary and are negotiable. Most policies cover both first and third-party costs, and a select few may extend coverage to bodily injury and property damage resulting from cyber attacks.
Organizations seeking comprehensive cyber insurance coverage should be prepared for a market that is focused on data security controls, especially those designed to prevent ransomware attacks. Applicants without adequate protections may face higher insurance rates, reduced policy limits, greater retentions, and policies that restrict coverage. Cyber insurance underwriters may decline to offer terms if specific protections are not in place.
To prepare for entering the cyber insurance market, organizations should work closely with their cyber insurance broker to understand where their security controls may be lacking and create a roadmap for remediation. This can help organizations be viewed as a best-in-class risk by the underwriting community.
It is crucial to prioritize cybersecurity in senior living facilities. To prevent and address ransomware attacks, it is necessary to have a thorough understanding of the organization’s security gaps and the overall environment. Working with a reputable IT partner such as vcpi can provide additional layers of protection, leading to a greater sense of security and peace of mind. Partnering with vcpi can also help you make sure you are covered and have adequate protections in place before you apply for cyber insurance. To get started and keep your communities safe and protected reach out and have a conversation with us today!