The Emergence of Healthcare Data Hostage Negotiators

By some estimates, stolen personal healthcare data sells on the dark web anywhere from 5-10x more than general consumer data. Getting $250 per patient record is not out of the ordinary – and this price escalates depending on the richness of that data.

Not surprisingly, most cybersecurity vendors will tell you that technology can and will protect you from these breaches. And they would be right…partially. However, most Chief Information Security Officers (CISOs) will tell you that the ransomware playing field has changed dramatically in recent years.

Because breaches are a two-part problem: First comes the denial of services that paralyze key platforms in an organization, such as an EMR or patient portal. Then the organization has to face the financial repercussions of paying to get that access and data back.

Today, even the most expensive cybersecurity platforms are penetrable. This means that any breach response must ironically revert to old-fashioned human factors to retrieve the data hostages.

After years of producing and attending healthcare security conferences, I'm finding that panelists are more open about the need to have data breach negotiators contracted at the scene, in much the same way law enforcement brings in their best to a human hostage crisis.

In this case, the goal is not only to return the data but also to mitigate the financial impacts of the ransom negotiations. While these payments aren’t broadcasted on the evening news, they are undoubtedly one of the most painful agenda items to discuss at board meetings. But unfortunately, ransom payments are happening more than we will ever know, and organizations need talent to blunt the financial blows.

As with many things on the dark side of the business, the fixers are often alumni who have decided to legitimize themselves. Long before we knew what the internet was, there was a market for reformed robbers and extortionists to guide companies and law enforcement through the complexities of protecting money or people from unsavory characters.

As you can surmise, this can become a huge game of “Who can you trust?” But the alternatives are less than appealing.

The initial negotiation process occurs on both the technology side and the ransom mitigation side. In reality, these methods are intertwined because negotiations are typically made on encrypted networks, and payments, if necessary, are sent using cryptocurrency. In addition, the negotiation strategy must include forensic elements to identify the whereabouts of the hostage takers.

So the ideal cross-functional skill set would be one with technology, the dark web, and hostage negotiation expertise.

Needless to say, you won’t see these candidates advertising on Indeed or LinkedIn. However, cyber-risk insurers are becoming increasingly familiar with this talent pool.

So as you determine your breach response strategy, explore the possibility of having a data negotiator on speed dial to ensure you can mitigate the loss of money and private data early on in a breach.

Subscribe to the ICD Healthcare Network for more healthcare insights.