Healthcare hostage crisis: Avoid and survive ransomware attacks
By Ken Bradberry
The healthcare industry is under attack. Not from politicians, reformers or mergers – but from cyberattacks. Over the past few months alone, “ransomware” attacks have locked the data and systems at dozens of hospital systems and providers.
The healthcare industry is a major target for hackers and criminals looking for clinical and financial information. Healthcare IT systems are perceived as “soft targets” that are easy to penetrate. Symantec’s 2016 Internet Security Threat Report confirms that healthcare organizations are at greater risk today than ever before. The groups that design and execute these breaches are not backroom, disjointed hackers: They are highly trained, organized experts who are focused on specific targets. In many cases, they are managed by foreign governments and terrorist organizations.
When Hollywood Presbyterian hospital discovered a ransomware attack, their data was completely unusable, which left the hospital and its patients at risk. The hospital leadership relented after 10 days and paid the $17,000 ransom in order to regain control of their data and networks.
That simple act emboldens the hackers who undoubtedly collected their bitcoins and moved on to the next vulnerable healthcare target. But the real motives for these attacks aren’t necessarily financial. Evidence suggests that these attackers are gathering human intelligence that could be used for future targeting.
Although it’s impossible to stay out of the hackers’ crosshairs, it is possible to reduce the risk of your organization getting hijacked by these threats to privacy and security.
One of the best ways to reduce the risk of ransomware is to understand how hackers gain access to networks and data.
Social engineering, such as phishing, involves bogus emails that appear to come from legitimate businesses or resources. These notes induce end users to open attachments or hyperlinks that install malicious software on their computers. Hackers also exploit network and systems vulnerabilities that result from the staff’s general lack of monitoring and awareness of security threats.
These types of hacks don’t necessarily happen in one event, but potentially over a period of weeks, months and — in some cases — years. At Hollywood Presbyterian, investigators found several examples where IT leaders could have reduced their risk of attack and malware infection.
The number one preventative measure is education. Most of these attacks are invited by end users who unwittingly click on links in email and websites, or mishandle protected health information. A comprehensive security training program for the end-user can significantly reduce the social engineering risk.
IT infrastructures should be regularly penetration-tested, and networks and systems scanned for vulnerabilities. Security tools, like Intrusion Detection and Prevention systems, as well as End Point Security solutions, are essential lines of defense and should be part of your daily operations.
Complete and tested backups of all production data are essential. Ransom attackers are betting that your IT department doesn’t have an effective backup and recovery solution. In addition to backups, your team must be able to restore servers and network configurations; this is critical to maintaining control and ensuring alternatives in a ransom situation.
A disaster recovery and business continuity plan is a must-have for every healthcare organization. These plans are essential to maintaining operations and providing guidance in the event of a disaster or a loss of a critical service. Your plans must include the critical systems, recovery methods and contingencies so that your organization can respond to threats with confidence.
Report the event. If you fall victim to a ransomware event, don’t keep it private. Work with security vendors and trusted solution providers who can help you mitigate risk and gracefully navigate the event.
Healthcare is very clearly a target now and is slowly waking up to the fact that providers are grossly unprepared to prevent and survive a major cyberattack. Develop a plan, assess your infrastructure, educate staff and develop a complete testing approach. These checkpoints will help you reduce risk and empower your organization to defend against a growing threat.