Protecting Arizona Businesses And Public Entities From Growing Threat Of Ransomware Attacks

By Terri Jo Neff

According to cybersecurity experts, anyone with a computer connected to the internet is at risk of a ransomware attack, which involves malware designed to encrypt files on a victim’s device, rendering the files and ultimately the systems which rely on them unusable.

The criminal or criminals who placed the malware via an email attachment or a download which appeared to be safe then extort the victim by demanding ransom in exchange for a decryption key or file to “recover” the system.

Most people think of homeland security in terms of enhancing border security and preventing terroristic attacks in Arizona. But cybersecurity is a critical element in protecting Arizona’s infrastructure as well as economic security, according to Ryan Murray, deputy director of the Arizona Department of Homeland Security (AZDOHS).

And at the same time that major companies and large government entities are strengthening their IT protocols, cyber criminals are focusing on smaller businesses, local non-profits, and public bodies such as school districts and fire departments, all of which generally don’t have a dedicated IT specialist, or a good understanding of the threat posed by a ransomware attack.

Such targets are easy pickings, Murray told AZ Free News. Adding to the problem is that many cyber attackers are no longer interested in simply holding a company’s IT system hostage until a ransom is paid. They are now incorporating data theft into the attack, Murray said.

Which is what happened in May when a ransomware attack hit Desert Wells Family Medicine in Queen Creek and led to the shutdown of the company’s IT system and left thousands of patients’ health records corrupted after the files were stolen.

In the end, Desert Wells had to manually “rebuild” its 35,000 patient records through other venues such as pharmacies, hospitals, and laboratories because none of its records were recoverable prior to May 21, the date of the hack.

With the scourge of ransomware attacks hard to stop (80 to 90 percent of cyberattacks originate overseas, says Murray), it is imperative for all companies, non-profits, and government entities large and small to understand how to reduce their vulnerabilities, and to know what to do when an attack hits.

Which is why Murray’s team is developing a soon-to-be-launched website that provides a wealth of information on protecting against, responding to, and surviving a ransomware attack. The agency will also provide guidance on how to conduct an assessment of the vulnerabilities and strengths of a company’s website, email system, and workstations.

There will also be a speakers’ bureau to provide outreach across the state, says Murray.

And if a ransomware attack or data breach is suspected, local law enforcement officers can contact cyber security specialists at AZDOHS’s new Cyber Command Center, which teams with various local, state, and federal agencies. In fact, many police departments and sheriff’s offices in Arizona have a designated Threat Liaison Officer, or TLO, who has undergone training in how to respond to a reported cybercrime.

For now, information about what a ransomware attack involves, how to identify an attack, and what to do if victimized by such an attack can be found at

The combination of ransom demand and data theft which hit Desert Wells Family Medicine was reported to patients as well as the U.S. Department of Health and Human Services three months after it started. A wide range of information was accessed in the attack, including social security numbers, birthdates, names and addresses, and billing account numbers. 

Patient medical account numbers as well as diagnostic and treatment information were also hacked, the notice said. The medical clinic had its patient information backed up, but the hacker also corrupted that data.

Private businesses are not required to report whether any money was paid directly or indirectly in response to a ransomware attack. How the unknown hacker or hackers got into the medical center’s system, and its backup data, has not been publicly disclosed.

In the past, companies could turn to their insurers for “cyber coverage” to reimburse the costs associated with ransomware attacks. Some insurers even paid the ransoms in order to recover a client’s system, finding it the cheaper option.

But with such attacks increasing in frequency and cost, it is becoming more expensive for businesses and governments to afford such coverage, if they can even get it. Those lucky enough to have cyber coverage will likely see premiums doubled in 2022, with policy limits significantly scaled back.