Ways to Avoid Ransomware Attacks for Self-Insured Municipalities


Ways to Avoid Ransomware Attacks for Self-Insured Municipalities

In today’s insurance marketplace, the benefits of technology cannot be overstated; however, the dark side of technology—namely ransomware attacks—is now infiltrating self-insured municipalities. Ransomware attacks occur when criminals find a way into the organization, encrypt as much data as possible, and then extort money from you to get your own data back.  If the ransom is not paid, the criminals may delete your data altogether.

There have been more than 170 ransomware attacks on U.S. state and local governments since November 2013, notes the technology security company Recorded Future.  The costs to remedy these attacks are growing and the adage, “it won’t happen to us,” is no longer valid.

In March 2018, the city of Atlanta had more than a third of its systems paralyzed by a ransomware attack. Recovery took more than a year, with costs estimated at $17 million. After refusing to pay an $80,000 ransom at the advice of law enforcement authorities, Baltimore officials recently approved $10 million in emergency funding to recover from a similar attack that immobilized some of the city’s systems, and services such as water billing are still offline, according to reports.  Smaller cities, such as Lake City, Florida, are also not immune: Recently, city administrators paid hackers a ransom of 42 bitcoins, or roughly $426,000.

Self-insured groups and public entities such as municipalities are among groups that particularly vulnerable, because they:

  • Operate within a significant regulatory environment;
  • Have data that others could steal and monetize (personally identifiable information such as social security numbers, HIPAA-related information, credit card numbers, etc.;
  • Have data that is critical and necessary to conduct business.

Insurance And Security Measures Can Protect You

For captive insurers, property and casualty and workers’ comp carriers, lapses in cybersecurity can even impact mergers and acquisitions. According to security firm Forescout Technologies Inc., 53 percent of more than 2,700 global businesses surveyed report a critical cybersecurity issue putting an M&A deal in jeopardy.

“Unfortunately, it happens again and again to municipal systems that don’t have all the latest software, the latest protections or the highest-paid IT staffs,” Lee McKnight, an associate professor at Syracuse University’s School of Information Studies and an expert on cybersecurity, told USA Today.

Computers and Cybersecurity

I believe McKnight’s comment minimizes the essence of how self-insured groups and public entities such as municipalities actually work because it’s not all about the latest software or highest-paid IT staffers.

And protecting your organization from a ransomware attack does not necessarily require expensive next-generation firewalls, intrusion prevention systems or “security as a service” systems.

What it does require is common-sense due diligence, a clear line of responsibility for technology systems, a plan that holds all partners and vendors to the same security requirements, a secure cloud platform, and should the worst possible case occur, an incident response system.

Even with those elements in place, it’s still important to assess your actual risk against a ransomware attack.  Actual risk includes more than just data housed on a server; it includes reputational/brand risk and the impact of losing trust from partners/vendors and members/customers as a result of an attack. 

To assess your relative risk to a ransomware attack, consider your organization’s size, the number of cities and counties with which you do business, and the cybersecurity measures you currently employ.  Assess your own risk tolerance—the potential damage to your organization that hackers could inflict… and assess the cybersecurity countermeasures you currently have in place.

When viewing your organization’s vulnerabilities in this way, it becomes clear that inaction is no longer an adequate response.

From a technology solution provider’s viewpoint, we understand the importance of rigorous quality assurance testing to ensure that the CHSI Connections cloud platform meets and exceeds insurance industry security standards.  This means your data is controlled, available and safe from compromise.  In addition to data encryption, in transit and at rest, we operate comprehensive compliance and assurance programs.

By creating a culture of alert self-monitoring, a plan that makes employee safety training and security safeguards a priority, and a strategy that involves all stakeholders, including technology solution providers, your chances of being vulnerable to a ransomware attack diminish.