Ransomware is rampant: Is your health care business safe?

While protective measures can limit the risk, outsourcing to a cybersecurity firm may be the safest option.

With ransomware attacks on high-profile businesses like Colonial Pipeline and JBS Foods in the headlines, health care managers at organizations of all sizes are increasingly asking, “Are we vulnerable too?”

According to the U.S. Cybersecurity & Infrastructure Security Agency (CISA), “Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”

In the battle against ransomware, the challenge is that essentially any health care business with older PCs, networks, firewalls, or operating systems is vulnerable, particularly those that do not immediately update to the latest software to “patch” security issues, according to Yuriy Tatarintsev, manager, technical operations at BTI Communications Group, an IT cybersecurity and technology provider.

Safeguarding Healthcare Businesses of All Sizes

While keeping a health care business’s IT infrastructure and software fully up to date is the goal, even one PC running an older, unsupported version of Windows, for instance, can be “a chink in the defensive armor that invites intrusion,” says Tatarintsev.

So the fight against ransomware begins with having a companywide process to ensure that all machines are patched with the latest security updates from Microsoft and other applications as soon as they are released.

But defending critical business processes from attack goes beyond anti-virus protection that solely reacts to known threats, leaving operations vulnerable to unidentified risks.

“We recommend a new generation of advanced antivirus software that does not always depend on identifying known threats or ‘signatures’ but instead uses artificial intelligence to analyze which PC programs and processes are affected as soon as malicious activity is detected, and stops it,” explains Tatarintsev.

According to Tatarintsev, email security is also critically important, since insufficient precaution in this area is perhaps the leading cause of companies getting ensnared in ransomware.

“Most health care organizations become victims of ransomware when an employee receives an email that seems legitimate and clicks on an embedded link. This starts the ransomware attack, which then spreads throughout the company network,” says Tatarintsev.

To protect against this hazard, Tatarintsev recommends using advanced email spam protection tools that offer significantly more defensive capability than previous options.

“The advanced tools not only filter out all potentially malicious emails but stop users from going to dangerous website destinations by clicking on links that could start a ransomware attack,” he says. He explains that these tools rewrite all the embedded link Uniform Resource Locators (URLs).So if a user clicks a URL in an email, instead of linking to a potentially dangerous website, they are redirected to a safe location, or ‘sandbox.’ The URL is analyzed to determine if it is dangerous, and if it is safe the user is allowed to go to the original website destination.

Since “phishing” emails designed to start a ransomware attack can appear so similar to authentic emails, Tatarintsev advises that all employees receive periodic security awareness training. This not only teaches employees how to distinguish the latest potentially dangerous emails, but also sends safe, simulated phishing emails to test their responses on an as-needed basis.Employees who fail the test receive additional training, so they will not compromise the organization if an actual phishing email-ransomware assault occurs.

If all these defenses fail and ransomware does infect and shut down a health care organization’s IT network, a reliable backup system should be in place that can quickly restore all critical data.

“If a business’s vital server data is encrypted by ransomware, with a good backup system data can be restored,” says Tatarintsev. He notes, however, that some data will be lost, depending on the frequency of backup. Moreover, care must be taken as to how data is transferred and saved, so ransomware does not have access to storage sites connected to company networks.

While healthcare businesses can attempt to fight the growing scourge of ransomware in-house, most IT departments do not have the time, resources, or expertise available to deter the constantly evolving threat on a 24/7 basis.

As an alternative, an increasing number of healthcare businesses are cost-effectively protecting against ransomware by outsourcing to outside firms that remotely and continually provide protection. Additionally, this strategy eliminates the need to dedicate internal IT staff to these tasks. It also minimizes potential loss and even liability if serious harm results from disrupted company services.

With the menace of ransomware continuing to escalate, health care organizations of all sizes would be wise to examine options for deterring the threat before being victimized.

Del Williams is a technical writer in Torrance, California