Ransomware attacks have plagued business of all sizes, healthcare institutions and even government entities during the first half of 2016, forcing CEO’s and CIO’s into damage control mode as IT teams scramble to beef up their security strategies. According to the FBI’s Internet Crime Complaint Center (IC3), the number of ransomware complaints across all industries increased from 1,402 in 2014 to 2,453 in 2015 and resulted in $1.6 million in losses. Those numbers don’t include unreported incidents, which put the total cost in 2015 to an estimated $24 million. The US government has referred to the current state of ransomware as an epidemic.
What is Ransomware?
Ransomware is a form of malware that blocks access to data and applications, locks down devices, or encrypts data in a way that renders it useless. Cyber criminals then demand a ransom to restore, unlock or decrypt the data. Ransomware is typically distributed through email phishing scams, which can target thousands of users (blanket attacks), focus on specific groups such as orthodontists or receptionists (spear phishing), or zero in on a big fish – the senior executives (whaling). When users click links or open attachments, the device becomes infected and the malware quickly spreads. Ransomware can also be automatically downloaded when users visit compromised or malicious websites.
Cyber criminals have been targeting healthcare organizations not only because of the high value of private patient data, but because ransomware can disrupt care delivery operations and affect patient safety. Under pressure to restore data and avoid compliance violations, several hospitals victimized this year have paid the ransom. In some cases, however, the payoff only emboldened the attackers, who refused to restore or unlock data and instead demanded additional payments.
What can we do?
There are a number of steps that healthcare organizations can take in terms of people, processes and technology to reduce the risk of ransomware attacks. First, all employees must be educated about the detection of potential threats and responsible use of email and social media. This requires a HR and IT to develop and distribute a formal, written policy, provide training, and simulated attacks that assess user preparedness. Healthcare organizations also need a documented procedure for reporting suspicious activity and an incident response plan that details how to respond to attack.
From the information technology standpoint, all data should be continuously backed up. Proper validation of the backup and restore process must be done regularly to ensure that you are able to recover in the event of an attack. This won’t prevent an attack, but it will minimize data loss. Strict access controls must be implemented to limit network access to authorized users. Network, Application and Compute device security must be emphasized to prevent exposure of data within those applications. Network-connected medical devices, sensors and other equipment must be secured and monitored and any infected systems must be immediately taken offline and quarantined. Cyber security tactics must be woven into your organization’s HIPAA compliance strategy to protect personal health information.
Ransomware is a growing threat to healthcare everywhere and it is likely to get worse before it gets better. Healthcare organizations must understand the threat and invest in comprehensive security strategies, systems and training to both prevent attacks and manage the inevitable breach. The healthcare industry tends to trail behind the the technology adoption curve, making it extremely susceptible to ransomware and cyber security breaches.
It’s time to strengthen your defenses. Stop merely detecting attacks on your healthcare infrastructure, prevent them. Cylance PROTECT is the only enterprise endpoint solution to block threats in real time BEFORE they cause harm. Schedule a 30 minute consultation with a Fortify 24×7 security team member to discuss endpoint protection and other solutions.