Ransomware incidents in healthcare are on the rise, and it’s really no surprise. It’s an industry where time, attention and money are focused on improving patient outcomes, not cybersecurity.
Attackers know this, however, and view healthcare as a soft target, ripe for ransomware. Recent, highly publicized incidents at hospitals like Los Angeles’ Hollywood Presbyterian and Kentucky’s Methodist Hospital prove that the attackers’ instincts are correct. Short of paying the ransom, what can other healthcare organizations do to fight back and reduce their chances of becoming the next victim?
Who are these attackers?
First, let's try to understand the mindset of these attackers who target healthcare organizations for their enticing mix of sensitive data, vulnerable systems with life-or-death criticality, and a widespread lack of security expertise.
Thanks to the Obama administration’s mandate to adopt EHRs (electronic health records), the healthcare sector went digital. Fast. For instance, the percentage of hospitals using EHRs has jumped from just 9.4% in 2008 to 96.9%, all while IT staffing and security budgets remained stagnant at best.
Compared to hardened sectors like financial services and e-commerce, which pour millions into information security defenses each year, healthcare is both easy to breach and more likely to pay. The best defense, then, is to make your healthcare organization both harder to attack and harder to profit from.
What can you do to begin your defense?
Back up critical data. Hollywood Presbyterian had little choice but to pay a $17,000 ransom to regain control of operations, because it had no backups available when its systems were infected with ransomware. Having regular, tested backups will help minimize downtime during restoration.
Know your data. You should know exactly what your critical data is and where it resides so you can better focus security and staffing resources where they make sense. This type of asset inventory also helps when determining a ransomware response, since less critical data may be more likely to be hit but less likely to require paying a ransom.
Educate users. Most ransomware attacks gain a foothold when an employee unknowingly clicks a malicious link in a phishing email. Educating users to recognize phishing email helps. So does blocking pop-ups and whitelisting common websites. Perhaps the best deterrent is simply to prohibit clicking any email links and to train employees to instead copy the URL and paste it into their browser's address bar.
Keep anti-malware systems up to date. Ensure all endpoints are configured with updated antivirus software and that IDS/IPS signatures and firewalls are maintained regularly.
Partner with the right vendors. Use cybersecurity vendors that can analyze your business, uncover vulnerabilities and help you build a unified approach – across endpoints, networks, web gateways and more – designed to thwart ransomware.
It's important to deploy a cohesive cybersecurity infrastructure that simplifies the sharing and management of real-time threat intelligence across tools — essential to fighting ransomware in complex healthcare network environments. Read more about our approach to security.