It’s no secret that the healthcare system has been wracked with ransomware attempts. In fact, it was one of the main concerns for 2017. This is due to the large amount of personal information that’s in the hands of the healthcare providers. All this private data is an attractive target for hackers who want to make a quick, albeit illegal, buck.
According to McAfee research, the healthcare sector has suffered more than most when it comes to ransomware.
Part of the reason for this is the surprising lack of focus on cybersecurity amongst many hospital administrators and healthcare providers—They are more worried about HIPAA compliance regarding data protection, rather than overall IT security
This must change. It’s predicted that ransomware attacks are going to be more numerous and disastrous than ever before. They have a hidden purpose–to severely harm your IT network, business and potentially your patients.
Hospitals, healthcare systems, and providers must take cybersecurity seriously and make it a priority.
Raj Samani, Chief Scientist at McAfee, predicts that not only will ransomware attacks continue as they have traditionally, but hackers will also introduce pseudo-ransomware attacks:
“The healthcare sector has probably suffered more than most, in terms of ransomware,” said Samani. “What we’re seeing today is the broken proliferation of ransomware–which really started in healthcare.”
According to Samani, pseudo-ransomware is a major challenge. It looks like a virus, but its purpose is something entirely different. These viruses will take hold of your data and hold it for ransom. However, no longer will hackers simply lock down your computer screen or workstation, they’ll take your data. And if you refuse to pay them, they’ll expose your private information.
In 2017, multiple medical facilities in the U.S. were targeted in different attacks. Some ended up paying thousands of dollars to retrieve their files. The hackers used ransomware to encrypt data, lock computers and hold the information for ransom payments. This should be a huge concern for healthcare administrators and providers who store a large amount of private information.
According to the FBI, we’re seeing an increase in these types of cyber attacks, particularly against organizations because the payoffs are high.
The FBI doesn’t support paying a ransom in response to a ransomware attack. “Paying a ransom doesn’t guarantee an organization that it will get its data back, said FBI Cyber Division Assistant Director James Trainor—We’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cybercriminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activities associated with criminals.”
Ransomware attacks are not only proliferating, they’re becoming more sophisticated.
One reason for the increase in ransomware is because, ironically, we’re better at defending against it. Increasing IT security, decreases the likelihood that you’ll be attacked, right? Wrong – hackers only increase their efforts with new forms of ransomware. When they succeed, they’ll steal your information and make you pay obscene amounts of money for it.
Hackers have proven that no information off limits to them. They will take whatever information will get a reaction from the owner of the data, no matter how personal or sensitive. For this reason, it’s important to have a good cybersecurity defense in place to protect your organization and confidential data.
The FBI advises that you take a multi-pronged approach to battling hackers. This includes implementing software restriction policies, backing up data regularly, patching operating systems and restricting access to certain key files or directories.
The best way to prevent ransomware attacks is to use these best-of-breed solutions to keep the attackers out of your network. An architectural approach to IT security is the most effective way to prevent a ransomware attack from succeeding in the first place. With these protections in place, the criminal will move on to another, easier IT system to attack.
To safeguard your protected health information from ransomware and other malicious threats, your Managed Service Provider (MSP) can leverage a new best-of-breed security architecture with a layered protection that extends from the DNS layer to email, network, and endpoints.
There are numerous phases to a ransomware attack. The criminal must first design an Internet infrastructure to support the execution of command-and-control (C2) phases. Your MSP can implement an umbrella-like protection that blocks this before a connection is established—One that can block the C2 callbacks and stop your system from releasing data.
To prevent you or your staff from unknowingly being targets of ransomware you should do the following:
- Ask your Managed Service Provider (MSP) to conduct security-awareness training sessions on a regular basis. They should provide information on the latest threats and tactics, and train your staff on incident-reporting procedures, so they feel comfortable relaying that they’ve been targeted.
- Reinforce your security policies, such as not revealing or sharing user credentials (usernames/passwords). Plus, your staff should only use company-sanctioned software and applications.
- Sign up for Software-as-a-Service (SaaS) applications to share files, exchange documents, and collaborate on projects, rather than relying on an email that might contain malicious attachments.
- Make sure your staff never enables macros in Microsoft documents. Macro-based malware is on the rise and is very difficult to detect.
- Use non-native document rendering for pdf and files in the cloud. Applications for desktops aren’t patched regularly, where cloud applications are.
- Don’t forget about physical security. Shred paper documents, keep track of who is in your office, and prevent practices like shoulder surfing, piggybacking, and dumpster diving.
- Have your MSP conduct ongoing risk assessments to find any vulnerabilities in your IT system:
- Conduct periodic port and vulnerability scans.
- Centralize your data logging and event-management platforms (SIEM).
- Practice timely patch management.
- Stop using unnecessary services and follow system-hardening
- Practice strong password requirements, and use two-factor authentication whenever possible.
“There’s no one method or tool that will completely protect you or your organization from a ransomware attack,” said FBI Cyber Division Assistant Director James Trainor. “But contingency and remediation planning is crucial to business recovery and continuity — and these plans should be tested regularly.”
