The emergence of healthcare data hostage negotiators

By some estimates, stolen personal healthcare data sells on the dark web for anywhere from five to ten times more than general consumer data. Getting $250 per record is not out of the ordinary and this price escalates depending on the richness and timeliness of the personal health data.   

Most cybersecurity vendors will not tell us that it is technology that protects us from these breaches. And they would be right…partially. However, most Chief Information Security Officers (CISOs) will tell you that the ransomware playing field has changed in recent years.  

There are two aspects to these breaches. First, is a denial-of-service element that paralyzes certain key platforms, such as Electronic Health Records (EHRs) or patient portals. The second is the financial aspect of paying to get access and data back  

Even the most expensive cybersecurity platform is penetrable, meaning the breach response must ironically revert to old-fashioned human factors to retrieve the data held hostage. 

After years of producing and attending healthcare security conferences panelists are becoming much more open about the need to have data breach negotiators contracted in much the same way law enforcement would bring their best negotiators to a hostage scene.  

In this case, the goal is not only to return the data but also to mitigate the financial impacts of the ransom negotiations. Needless to say, those payments are not broadcast on the evening news and are undoubtedly one of the most painful agenda items to discuss at board meetings.  

But unfortunately, ransom payments are happening more than we will ever know and the need for talent to blunt the financial effects has increased dramatically.  

As with many things on the dark side of business, the fixes come from those who are alumni of the sinister side of the web but who have decided to legitimize themselves. Far before we knew what the internet was there was a market for reformed robbers and extortionists to guide companies and law enforcement through the complexities of protecting money or people from unsavory characters looking to bank on others’ blind spots.  

As you can surmise, this can become a huge game of “Who can you trust?” But the alternatives have become less appealing.  

The initial negotiation processes take place on both fronts, the technology side and the ransom mitigation side. In reality, these are intertwined because negotiations are typically done on encrypted networks, and payments if necessary are made using cryptocurrency. Also, there are forensic elements designed to identify the hostage takers’ whereabouts.  

So the ideal cross-functional skill set would be one with technology, the dark web, and hostage negotiation expertise.  

Needless to say, there is not a surplus of these candidates, and because of their stealthy background, you won’t see them advertising on Indeed or LinkedIn job listings.  

However, cyber-risk insurers are becoming increasingly familiar with this segment’s talent pool for obvious reasons related to minimizing payouts to bad actors.  

So as you determine your breach response strategy explore the possibility of having data negotiators on speed dial to assure that you can mitigate the loss of money and private data early on in the process.