Reducing the Damage of Double Extortion Healthcare Ransomware Attacks

Healthcare RansomwareCOVID-19 has spread infection among more than just people. Organizations, including hospitals, have experienced escalating infections of a different variety as the chaos surrounding the coronavirus pandemic has been an ideal environment for a rise in phishing attacks and new malware tactics.

Given the new or expanded networks that had to be built very rapidly so that some workers could work from home, businesses are currently more vulnerable. For example, remote working often utilizes Remote Desktop Protocol, which tends to increase the likelihood of ransomware attacks. Workers are, understandably, looking for easy access to file servers or their work computer; however, using this protocol over a public network substantially increases vulnerabilities.

New Double Extortion Ransomware Attacks

Ransomware operators have adopted to the new environment by increasingly utilizing a “double extortion” tactic. These attacks first emerged in late 2019 and escalated in early 2020. This ransomware attack further corners its victims by not only demanding a ransom to recuperate encrypted files but also to avoid the release of stolen sensitive data. To further pressure victims, ransomware criminals have created pages on the deep web where they post samples of stolen data letting victims know the types of data staged for release if payment is not received.

Healthcare Ransomware Attacks Increasing

As if the healthcare industry is not under enough pressure, ransomware attacks are exploiting the increased use of VPNs used to facilitate social distancing efforts for hospital staff that can work from home. Hospitals are increasingly the targets of these “double extortion” attacks.

Attackers scan for weaknesses and enter the network to deploy their ransomware payload. The goal is to hold the victim’s computer ransom and to collect sensitive, health-related data that the attackers then threaten to release. In response, hospitals are being encouraged to create backups of all data and provide policies on ransomware and malware attacks to educate staff.

Reducing Frequency of and Damage from Ransomware Attacks

While working to preventing ransomware attacks, it is also essential to ensure your network and staff are prepared if an attack does occur. The following are some tips:

  • Always keep and maintain current backups of files to perform a restoration of any impacted files
    • These files should be stored on a device not on the network, such as external drives
  • Develop policies and conduct training to lessen the success of phishing emails
  • Purchase and maintain anti-virus and firewall protection software
  • Ensure software patches are up to date
  • Use trusted VPN connections to avoid vulnerabilities on public networks

Policies and procedures must be created so that employees may assist in reducing cyberattacks and avoid falling victim to phishing attacks. Recommended practices for employees include:

  • Regular training sessions
  • Test employees with phishing assessments
  • Provide safe procedures for navigating sites

What should you do if you are infected by ransomware?

First, paying the ransom is never recommended as it only funds the hackers and does not guarantee the return of your files nor that any stolen data will not be released. Next, if possible, impacted files should be restored using backups. Finally, it is crucial to isolate the infected device by disconnecting it from everything. Any devices that were connected to the infected device that may potentially or partially be infected will also need to be isolated.

These are overwhelming times that are severely straining the IT and security resources of many organizations. If you need help, SilverSky is here for you. Don’t hesitate to reach out to us at 1-800-234-2175 or




Managed Detection & Response

Comprehensive solutions to detect, prioritize, and address security incidents.

Managed Security Services

24 X 7 X 365 monitoring, management, and system maintenance.

Email Protection Suite

Monitor and manage your email environment with advanced email security and compliance protections.

Cloud Email & Collaboration

Cloud office productivity enhanced with proven security and compliance protection.

How does SilverSky's integrated stack of solutions meet your needs?

Compliance & Risk Services

Assess your program and controls, benchmark and identify areas for improvement. Develop your security roadmap for investment and improvements. Effectively measure ROI and impact on your security posture

Incident Response Readiness

Incident Response Plan Development / Review. Incident Response Readiness Review. Emergency Incident Response.

Discuss your compliance, risk management and incident response readiness needs.

Schedule Free 1-on-1 Consultation

Financial Services

1,500+ small & mid-sized financial institutions rely on SilverSky to meet and exceed FFEIC, GLBA and PCI DSS requirements and overall cybersecurity needs.


Hundreds of small & mid-sized healthcare organizations rely on SilverSky to address HIPAA and other regulatory requirements and serve overall cybersecurity needs.


Small and mid-sized retail organizations count on SilverSky to maintain PCI DSS requirements, secure customer data and reduce cybersecurity threats.

How Exposed Are You?

Take the test to see how your security program compares with other businesses like yours.


White papers, guides, tools, on-demand webinars, case studies and more. Explore a range of topics. 



Product Sheets

SilverSky product and services information at your fingertips. Product data sheets, compliance matrixes, & brochures.

How Exposed Are You?

Take the test to see how your security program compares with other businesses like yours.

Become A Partner

Partner with SilverSky to tap into the approaching $300 billion+ cybersecurity market.

Talk to one of our partner managers and consider expanding your cybersecurity offerings.

Schedule Partner Exploration Discussion