How to minimize ransomware attacks in healthcare

February 6, 2020

Ransomware is on the rise. What can healthcare organizations do to stop these hacks?

Ransomware attacks are on the rise. Everywhere you look, yet another healthcare network or business has fallen victim to these cybercriminals. Harbor Medical Group and Health Alliance Plan are just a couple of examples from 2019’s headlines. Ransomware attacks have become a worldwide epidemic and show no sign of slowing. In fact, recent reports state that by 2021, ransomware damages could cost the world $20 billion.

Ransomware attacks are not only expensive to resolve, they can also be very difficult to prevent, because cybercriminals continue to evolve their strategy. Recent attacks have demanded more substantial sums of money than ever before and targeted small and midsize providers, who often have less sophisticated IT systems and therefore are more willing to pay to protect their patients’ information.

So how can healthcare providers harden their security measures and protect information in the event of an attack? Let’s start by taking a more in-depth look at how ransomware works.

What is ransomware?

Ransomware is a type of malware that locks businesses out of their patient files, financial records and other vital data. Attackers then demand a ransom before returning data access to the victim. This type of malicious code can enter a system in various ways. Some of the most common include phishing emails that house embedded links or seemingly innocuous attachments. These attachments may not even contain ransomware code but will instruct a system to download ransomware code once opened.

The average office worker receives more than 120 emails per day. Unfortunately, this heavy use of email makes a ransomware attack even more likely. While many healthcare providers, especially small- to medium-sized organizations, think that paying off the cybercriminal is the only way out, this often is the worst tactic to take. Recent studies show that fewer than a third of businesses that pay the ransom actually receive access to their data.

Instead of paying off a cybercriminal, try a three-pronged approach using prevention, detection and response to limit fallout from an attack. Here’s how this strategy looks across the organization:

Secure your systems

The first step to preventing a ransomware attack is to restrict access to certain areas of the network. Instead of allowing every employee access to every part of the system, set specific privileges for different departments or even each individual. Next, equip the system with effective anti-malware and anti-virus software to block any known threats from entering the IT environment. These tools can flag employee activity on possibly malicious sites and also scan inbound emails.

Train your employees

Your staff is your best line of defense. Educating staff on the common traits of a phishing email can reduce the odds that a ransomware attack will succeed. These attacks are constantly evolving, and even the best defenses will crack. Continuous reminders such as posters and discussions during weekly meetings will help to fill in those gaps. Consider tools like email phishing simulators to test and train your staff. Free tools can help to complement your internal training program.

Build a response plan

Should an attack occur, it’s vital to have a plan in place to execute a quick response. Start by completing a forensic analysis of the system and testing to outline weaknesses or potential threats. From here, enhance your organization’s tech stack. Implement an incident response manager tool that will identify how and when you’ve been compromised, and also reveal any changes that were made to the system and stored data. Early identification is the first step to restoring security within a system.
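One way to reveal what changed in stored data after a suspected compromise, shown as an added example that is not from the original article or from any incident response product: record a baseline of file hashes while the system is known good, then compare against it and flag new or changed files whose content looks encrypted. The function names, the 7.0 bits-per-byte threshold and the file names are assumptions made for this illustration, and the sample files are constructed.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root) -> dict:
    """Map each file's path relative to root to (SHA-256 hex, entropy of first 64 KiB)."""
    manifest = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            rel = path.relative_to(root).as_posix()
            manifest[rel] = (hashlib.sha256(data).hexdigest(), entropy(data[:65536]))
    return manifest

def compare(baseline: dict, current: dict, threshold: float = 7.0) -> dict:
    """Report added, removed and modified files, plus changed files that look encrypted."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p][0] != current[p][0])
    # Assumed threshold: encrypted data sits near 8 bits/byte, plain text well below 6.
    # Compressed formats (zip, jpeg) also score high, so treat hits as leads to triage.
    suspicious = sorted(p for p in added + modified if current[p][1] >= threshold)
    return {"added": added, "removed": removed, "modified": modified, "suspicious": suspicious}

def demo() -> dict:
    """Constructed scenario: one routine edit, one file replaced by random bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "records.csv").write_text("patient_id,visit_date\n" * 200)
        (root / "notes.txt").write_text("Quarterly backup test completed.\n")
        baseline = snapshot(root)  # taken while the system is known good
        (root / "notes.txt").write_text("Backup test completed. Next test scheduled.\n")
        (root / "records.csv").unlink()
        (root / "records.csv.locked").write_bytes(os.urandom(4096))  # stands in for encrypted data
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The baseline manifest is only useful if it is stored somewhere the compromised system cannot write to, such as offline or on a separate host.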

Create emergency response policies

The final step is to have early conversations with law enforcement to determine the odds of recovering data within a system. In some circumstances, and depending on the type of ransomware deployed, a healthcare provider could get a decryption key from the FBI’s database. Providers also must perform an analysis of their system to determine what communications were sent and what specific actions were taken on the network to provide insights into possible gaps within the security stack.

Ransomware attacks are a serious issue and should be treated as a potential threat for any healthcare provider. Instead of waiting for a ransomware attack to occur, take action now. Implement systems and strategies to prevent the possibility and establish a plan to recover data quickly when an attack does occur.

Rick Clark is the Corporate Security Director at Ontario Systems.