Healthcare and The Threat of Ransomware in 2018
It’s no secret that the healthcare system is wracked with ransomware attempts. In fact, it was one of the leading concerns for 2017. These ransomware attempts are due to the significant amount of personal information that’s in the hands of the healthcare providers. All this private data is an attractive target for hackers who want to make a quick, albeit illegal, buck.
According to McAfee research, the healthcare sector has suffered more than most when it comes to ransomware.
Part of the reason for this is the surprising lack of focus on cybersecurity amongst many hospital administrators and healthcare providers. They are more worried about HIPAA compliance regarding data protection than about overall IT security.
Healthcare providers’ focus must change. Ransomware attacks are predicted to be more numerous and disastrous than ever before. They have a hidden purpose: to severely harm your IT network, business and potentially your patients.
Hospitals, healthcare systems, and providers must take cybersecurity seriously and make it a priority.
Raj Samani, Chief Scientist at McAfee, predicts that not only will ransomware attacks continue as they have traditionally, but hackers will also introduce pseudo-ransomware attacks:
“The healthcare sector has probably suffered more than most, regarding ransomware,” said Samani. “What we see today is the broken proliferation of ransomware–which started in healthcare.”
According to Samani, pseudo-ransomware is a significant challenge. It looks like a virus, but its purpose is something entirely different. These attacks will take hold of your data and hold it for ransom. However, hackers will no longer merely lock down your computer screen or workstation; they’ll take your data. And if you refuse to pay them, they’ll expose your private information.
In 2017, multiple medical facilities in the U.S. were the target of different attacks. Some ended up paying thousands of dollars to retrieve their files. The hackers used ransomware to encrypt data, lock computers and hold the information for ransom payments. These attacks should be a primary concern for healthcare administrators and providers who store a significant amount of private information.
According to the FBI, we are seeing an increase in these types of cyber attacks, particularly against organizations, because the payoffs are high.
The FBI doesn’t support paying a ransom in response to a ransomware attack. “Paying a ransom doesn’t guarantee an organization that it will get its data back,” said FBI Cyber Division Assistant Director James Trainor. “We’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cybercriminals to target more organizations, but it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activities associated with criminals.”
Ransomware attacks are not only increasing, but they’re also becoming more sophisticated.
One reason for the increase in ransomware is that, ironically, we’re better at defending against it. Increasing IT security decreases the likelihood that you’ll be the target of an attack, right? Wrong – hackers only supplement their efforts with new forms of ransomware. When they succeed, they’ll steal your information and make you pay obscene amounts of money for it.
Hackers have proven that no information is off limits to them. They will take whatever information will get a reaction from the owner of the data, no matter how personal or sensitive. For this reason, it’s essential to have a good cybersecurity defense in place to protect your organization and confidential data.
The FBI advises that you take a multi-pronged approach to battling hackers. This includes implementing software restriction policies, backing up data regularly, patching operating systems and restricting access to some necessary files or directories.
The best way to prevent ransomware attacks is to use these best-of-breed solutions to keep the attackers out of your network. An architectural approach to IT security is the most effective way to prevent a ransomware attack from succeeding in the first place. With these protections in place, the criminal will move on to another, more vulnerable IT system to attack.
To safeguard your protected health information from ransomware and other malicious threats, your Managed Service Provider (MSP) can leverage a new best-of-breed security architecture with a layered protection that extends from the DNS layer to email, network, and endpoints.
There are numerous phases to a ransomware attack. The criminal must first design an Internet infrastructure to support the execution of command-and-control (C2) phases. Your MSP can implement an umbrella-like protection that blocks this before a connection is established, one that can prevent the C2 callbacks and stop your system from releasing data.
To prevent you or your staff from unknowingly being targets of ransomware, you should do the following:
- Ask your Managed Service Provider (MSP) to conduct security-awareness training sessions on a regular basis. They should provide information on the latest threats and tactics, and train your staff on incident-reporting procedures, so they feel comfortable relaying that they’ve been the target of an attack.
- Reinforce your security policies, such as not revealing or sharing user credentials (usernames/passwords). Plus, your staff should only use company-sanctioned software and applications.
- Sign up for Software-as-a-Service (SaaS) applications to share files, exchange documents, and collaborate on projects, rather than relying on an email that might contain malicious attachments.
- Make sure your staff never enables macros in Microsoft documents. Macro-based malware is on the rise and is very difficult to detect.
- Use non-native document rendering for PDF files and files in the cloud. Applications for desktops aren’t patched regularly, whereas cloud applications are.
- Don’t forget about physical security. Shred paper documents, keep track of who is in your office, and prevent practices like shoulder surfing, piggybacking, and dumpster diving.
- Have your MSP conduct ongoing risk assessments to find any vulnerabilities in your IT system:
  - Conduct periodic port and vulnerability scans.
  - Centralize your data logging and event-management platforms (SIEM).
  - Practice timely patch management.
  - Stop using unnecessary services and follow system-hardening
  - Practice strong password requirements, and use two-factor authentication whenever possible.
“There’s no method or tool that will completely protect you or your organization from a ransomware attack,” said FBI Cyber Division Assistant Director James Trainor. “But contingency and remediation planning is crucial to business recovery and continuity — and these plans should regularly be tested.”