In the wake of COVID-19, healthcare organizations are scrambling to not only protect their patients' lives, but their data and privacy as well.
Ransomware is perhaps the greatest cybersecurity challenge facing the healthcare industry right now. A recent survey found that 73 percent of health systems, including hospital and physician organizations, reported their data infrastructures are unprepared to respond to attacks. The survey estimated that healthcare providers with 500 or more records are a staggering 300 percent more vulnerable to data breaches.
Numerous hospitals and medical centers have had operations severely impacted, or even halted, by attacks, which is challenging under normal circumstances but nearly insurmountable in the midst of a pandemic. In the instances reported, files and systems became infected, forcing practitioners to use manual pen-and-paper systems to keep operations from shutting down completely.
Attackers use a wide range of techniques to break into systems, find sensitive data, deploy encryption tools to lock data, and then demand a ransom in exchange for retrieving encryption keys. By employing the measures outlined below, healthcare practitioners can help protect their business, their patients, and their data from ransomware attacks in 2021 and beyond.
One key thing that makes a healthcare system an easy target is an understaffed IT department. For all the advanced medical technology and expertise hospitals and medical centers have in spades, they are frequently less prepared in the IT department. Technical staff and security funding tend to be in limited supply, and bad actors will schedule their attacks on weekends or off-hours, when they know IT staff is scaled back from the regular workweek.
Investing in a professional IT staff will ultimately save practices valuable time and money. Organizations need to shift to a “prepare and prevent” mindset, rather than “deal with the cleanup after-the-fact.”
Another reason healthcare systems are easy targets is that they tend to have a mix of older, legacy equipment and systems, as well as cutting-edge technology. If the older systems are not properly maintained, updated and/or patched, they become vulnerable.
Older medical devices, such as MRI machines or machines with databases built into them, have vulnerabilities that are well known to seasoned ransomware attackers, such as password-related backdoors due to weak manufacturer-set passwords or poor password security practices.
Future-proofing information systems and the application infrastructure against ransom attacks is essential whether or not the practice has suffered an attack. Practitioners must assume that the precursors to the next attack are already inside the system. Once inside a system, ransomware and associated malware are designed to look like normal operations. This is how they are able to dwell inside networks for weeks and months, executing undetected.
Advanced cybersecurity solutions enable visibility into essentially every application function during runtime, with real-time insight into performance. The aim is to stop exploits as soon as they occur, before any significant damage is done. These solutions are designed to detect and stop any code that deviates from normal behavior.
All employees, from doctors to front office staff, must be on high alert. Cyber criminals are using increasingly manipulative exploits during the global health crisis. It’s important for every practice to educate its staff about phishing emails and other potential risks to avoid. Research states that nearly 93 percent of attacks infect systems from a phishing email with a malware-laced link. “Drive-by downloading” is another method where a user accesses an infected website and becomes infected.
Particularly with an increase in remote work, medical networks are even more vulnerable, and staff need to be extra cautious. Oftentimes medical staff need to access critical data from remote laptops, some of which may be personal laptops or devices that have users other than the employee. Without remote work, server workloads would mainly be exposed only to private networks. Now they are exposed to remote workers’ unsecured devices, further exposing practice networks.
Staff should enable two-factor authentication on network devices and systems and follow a password management policy that enforces regular updates and strong passwords. Implement a reliable backup and recovery system protected from network access. Regularly update all software, operating systems and anti-virus solutions. These small steps in everyday practice workflow can ultimately be the first barrier of defense against a ransomware attack.
Regardless of how much practices prepare, hackers will continue to hack successfully. The question healthcare systems face now is whether their network is prepared to handle better and more frequent attacks without shutting down completely. Healthcare organizations are critical infrastructure, providing essential services for the public. Their many vulnerabilities leave them exposed, but by implementing these key steps to protect their organization, practitioners can strengthen and fortify their security stance.
About the Author
Willy Leichter is the VP of Product Management at Virsec, the industry leader in application-aware workload protection. He has over twenty years of experience in product marketing, product management, outbound marketing, communications, digital marketing, and demand generation. He has worked with a wide range of global enterprises to help them meet evolving security challenges. With extensive experience in a range of IT domains including network security, global data privacy laws, data loss prevention, access control, email security and cloud applications, he is a frequent speaker at industry events and author on IT security and compliance issues.