Addressing a Pervasive Threat by Planning Better and Offsetting Resource Shortages
Ransomware Spreading Through Healthcare
One of the latest widespread cyber-attacks aimed at the healthcare industry, WannaCry, has served as yet another reminder that ransomware is a major concern among healthcare IT leaders. As Healthcare IT News reported, it was first unleashed on Friday, May 12 in the UK and had affected 100 countries within 24 hours, at which point a 22-year-old security researcher accidentally discovered something of a “kill switch.” Regardless, 150 countries were affected by May 15, and security agencies were warning the US that more could be coming. It’s worth noting that Microsoft had issued a patch for the vulnerability in March, prior to the attack, but unfortunately not everyone updated their systems.
WannaCry had a major negative impact on business continuity for healthcare organizations, disrupting everything from mobile x-rays to anesthesia, and it is only the most recent of many ransomware attacks, which won’t be going away anytime soon. After all, healthcare data is the most valuable data there is, and malicious actors will stop at nothing to access it. It’s clear that healthcare needs a better solution, and it’s time to start putting the emphasis on preparing for the worst and being realistic about available internal resources.
Proactivity vs. Reactivity: Responding to Attacks is Important, But Planning for Them is Absolutely Critical
Healthcare IT News made an interesting observation: ransomware is an unfortunate byproduct of a much larger issue, namely significant design flaws in healthcare infrastructure, which ransomware simply exploits. Unfortunately, the bulk of healthcare IT runs on legacy software and systems, not to mention the growing role of connected devices and IoT initiatives.
Knowing how to respond to a ransomware attack is an important duty of the security team. There’s no way to avoid attacks entirely, and if one gets through, a response plan has to be in place, without question. But what about spending more time on proactivity, rather than reactivity?
There are two sides to this coin: first, governments and device manufacturers; second, security teams within healthcare organizations themselves.
It would be helpful for both governments and device manufacturers to work together to improve the design of medical devices. Security should be built into internet-connected devices, which would greatly reduce risk exposure stemming from the IoT. Better testing needs to be conducted, and medical device regulators should enforce safety controls.
Security teams within healthcare organizations themselves also need to work on proactivity. Larger initiatives such as improved governance structure for managing the risks of medical devices and buying and maintaining better equipment are a good start, but such massive projects don’t get finished overnight. There are, however, smaller things that healthcare organizations can do on an ongoing basis to cover proactivity along with reactivity:
- Perform regular backups
Ensure your organization is performing backups regularly across the entire infrastructure. Healthy, consistent backups are the #1 mitigating measure your security team can and should be taking. Backups do not prevent ransomware attacks, but executing them regularly will allow efficient system restoration without paying a ransom.
- Implement a healthy encryption practice
Encrypting data does not prevent or stop ransomware attacks. However, encrypting your organization’s sensitive data can at the very least give your security team the upper hand in a ransomware situation by rendering your data unreadable to the attacker.
- Invest in endpoint security/firewalls
Using a reputable suite of endpoint security software that is regularly updated will, at a minimum, provide assurance that only the most advanced releases of ransomware have the potential to affect your business.
- Consistent operating system upgrades and patch management
Make sure your IT team is keeping up with OS upgrades and patching. Microsoft, for example, is very reliable in assembling patches as soon as a new vulnerability is identified.
- Phishing training
Implementing a company-wide training program on recognizing phishing attempts is a reliable way to stop ransomware attacks before they begin. Many strains of ransomware are executed via email phishing, so ensuring that employees are trained to stop and evaluate all emails before engaging can save a lot of trouble.
- Consider Disaster Recovery as a Service (DRaaS)
Evaluating DRaaS could be a helpful protection measure against ransomware, even if you feel you have adequate personnel to cover DR. An enterprise DRaaS solution can help defend against attackers by keeping them away from the storage that holds DR files and backups, which would otherwise sit on your own network. IT personnel will still be able to access the data, but through a provider portal, as Backup and Recovery Solutions Review suggested.
Resources vs. Actual Needs: What Can You Do With What You Have?
It’s not a secret that IT departments in the healthcare industry don’t get showered with unlimited budget for technology investments; most are trying to do the best they can with what they have. There’s a definite IT talent gap in healthcare, and it’s not helping cybersecurity. We can suggest ways for the government and industry to get involved in attracting students to the field, but similar to improving legislation, that doesn’t help anyone now. More ransomware is coming, so how can you use the resources available to you?
First off, what does your IT and security team look like? Whether you feel you have adequate or limited resources, evaluate whether they’re being allocated properly to address cybersecurity risks. If they’re not, assess how you can shift things around to cover all your bases. There might be certain specialists who will be of better value focusing more of their efforts on proactive security measures.
Secondly, consider working with an IT services partner who specializes in security, if you’re not already doing so. Especially if you’re short on resources, having a security partner in your corner will be extremely helpful in evaluating your current security posture, determining whether you’re in a solid position of defense against attacks like ransomware, and identifying what you can change if you’re not.
If you have questions about ransomware and would like to better understand how to safeguard your healthcare organization, contact us at www.peak10.com/contact-us or (866) 473-2510 to speak with one of our experts.
Have you been to the Peak 10 Industry Spotlight: Healthcare IT website? In 2016, we conducted a comprehensive study among healthcare IT decision makers, detailing industry technology developments, including the prevalence of ransomware attacks and increasing security concerns.