NRC Health recently disclosed that it was the victim of a ransomware attack Feb. 11.
In a statement, Paul Cooper, the company's chief information officer, said it immediately shut down its system in an effort to contain the attack, launched its own investigation and notified the FBI.
Cooper said in the statement that NRC Health "has made significant progress in restoration to our systems and services to our customers and we anticipate full restoration in the coming days. At this time, there is still no evidence of unauthorized access to or acquisition of any data from our systems, including protected health information or other confidential information as a result of this incident."
Despite the company's assurances that there was no evidence of patient data being compromised, CNBC reported last week that some of NRC Health's clients were worried that it might eventually be discovered that there was a breach, which would require them by law to notify their patients.
Other clients also reported to CNBC that they were worried about confidential business information being stolen.
Ransomware attacks involve a type of malware that essentially overrides the encryption of files. Perpetrators of the attack then demand money either to restore access to the files or to prevent sensitive data from being made public.
According to a report from Comparitech, a website that reviews computer products and services, there have been 172 ransomware attacks just on health care organizations since 2016, including four others in Nebraska.
Doug Rausch, an assistant professor and program director for cybersecurity at Bellevue University, said ransomware use is on the rise, "and one of the reasons is because it works."
Rausch said organizations often just pay the ransom because it can take weeks to restore data — if they even can restore the data.
He said paying the ransom is risky, because there is no guarantee the perpetrator will restore access to the data, and even if it does, there's no guarantee it won't leave behind malware in the system or steal data.
Ransomware is just one kind of cyberattack that businesses, government agencies and nonprofits are faced with.
Among the most common are "phishing" attacks, in which perpetrators try to get someone to click on a link in an email; hacking into systems and stealing passwords or data; and overwhelming a company or organization's servers to prevent them from being able to conduct their normal business.
According to a report from the Identity Theft Resource Center, there was a 17% increase in reported cyberattacks in 2019, compared with a year earlier.
And that's only actual breaches that are reported. CPO Magazine reported last year that only about 10% of cybercrimes are reported to authorities.
There have been several high-profile cyberattacks in the past couple of years that either targeted Nebraska-based entities or affected a significant number of state residents.
Among them were:
* A data breach reported by Ameritas in July, in which several of its employees fell victim to a phishing scam. The company said an undisclosed number of customers may have had data exposed, including names, Social Security numbers and policy numbers.
* Malware installed on point-of-sale devices at some Hy-Vee fuel pumps, drive-thru coffee shops and restaurants allowed scammers to steal credit and debit card information.
* In July 2018, Boys Town National Research Hospital reported a data breach that potentially exposed the personal health information of more than 105,000 people.
Government agencies are often targets of cyberattacks, and just last week, the city of Wayne reported a ransomware attack that crippled all of its Internet-based systems.
The town said on its Facebook page that it didn't believe any personal information was compromised.
Utilities are another frequent target of cyberattacks.
The New York Times reported last year that Cooper Nuclear Station near Brownville had been targeted by Russian hackers in 2017.
Nebraska Public Power District, which owns the plant, denied the report, but a spokesman did tell the Journal Star that attempted foreign-based cyberattacks against Nebraska power plants are not unusual.
Lincoln Electric System for the first time last year started providing its board with a tally of potential cybersecurity issues.
A report given at the January board meeting listed 1,766 suspicious emails and 274 cyber "events" in 2019.
LES spokeswoman Kelley Porter said the events included everything from multiple failed log-in attempts by a user to servers not responding — anything that could point to a cyberintrusion.
"Our cyberteam is overly cautious on these events to make sure we look at all of them," she said. "We are trying to identify suspicious activity in our network before something happens like ransomware or a data breach."
Experts say the best defense against cyberattacks is to practice cybersafety. That includes things such as not clicking on links in email, not opening unknown attachments, changing passwords often and not sharing them with others, and keeping operating systems and anti-virus protection up to date.
Rausch said prevention is vital, but organizations also need to be prepared to respond to an attack and have a restoration plan in place.
"You need to believe you are going to get attacked," he said.
©2020 Lincoln Journal Star, Neb. Distributed by Tribune Content Agency, LLC.
