The tech savvy physician: 3 steps to protect your practice from ransomware

Ransomware is perhaps the greatest cybersecurity challenge facing the health care industry right now. A recent survey found that 73% of health systems, including hospital and physician organizations, reported their data infrastructures are unprepared to respond to attacks. The survey estimated that health care providers with 500 or more records are a staggering 300% more vulnerable to data breaches.

Numerous hospitals and medical centers have had operations severely impacted, or even halted from attacks, which is challenging under normal circumstances, but nearly insurmountable in the midst of a pandemic. In the instances reported, files and systems became infected, forcing practitioners to use manual pen and paper systems to keep operations from shutting down completely.

Attackers use a wide range of techniques to break into systems, find sensitive data, deploy encryption tools to lock data, and then demand a ransom in exchange for retrieving encryption keys. By employing the measures outlined below, health care practitioners can help protect their business, their patients, and their data from ransomware attacks in 2021 and beyond.

Invest in an IT staff

One key thing that makes a health care system an easy target is an understaffed IT department. For all the advanced medical technology and expertise hospitals and medical centers have in spades, they are frequently less prepared in the IT department. Technical staff and security funding tend to be in limited supply, and bad actors will schedule their attacks on weekends or off-hours, when they know IT staff is scaled back from the regular workweek.

Investing in a professional IT staff will ultimately save practices valuable time and money. Organizations need to shift to a “prepare and prevent” mindset, rather than “deal with the cleanup after-the-fact.”

Upgrade your security infrastructure

Another reason health care systems are easy targets is they tend to have a mix of older, legacy equipment and systems, as well as cutting-edge technology. If the older systems are not properly maintained, updated and/or patched, they become vulnerable.

Older medical devices, such as MRI machines or machines with databases built into them, have vulnerabilities that are well known to seasoned ransomware attackers, such as password-related backdoors due to weak manufacturer-set passwords or poor password security practices.

Future-proofing information systems and the application infrastructure against ransom attacks is essential whether or not the practice has suffered an attack. Practitioners must assume that the precursors to the next attack are already inside the system. Once inside a system, ransomware and associated malware are designed to look like normal operations. This is how they are able to dwell inside networks for weeks and months, executing undetected.

Advanced cybersecurity solutions enable visibility into essentially every application function during runtime, with real-time insight into performance. The aim is to stop exploits as soon as they occur, before any significant damage is done. These solutions are designed to detect and stop any code that deviates from normal.

Educate all employees

All employees, from doctors to front office staff, must be on high alert. Cybercriminals are using increasingly manipulative exploits during the global health crisis. It’s important for every practice to educate their staff about phishing email and other potential risks to avoid. Research states that nearly 93% of attacks infect systems from a phishing email with a malware-laced link. “Drive-by downloading” is another method where a user accesses an infected website and becomes infected.

Particularly with an increase in remote work, medical networks are even more vulnerable, and staff need to be extra cautious. Oftentimes medical staff need to access critical data from remote laptops, some of which may be personal laptops or devices that have users other than the employee. Without remote work, server workloads would mainly only be exposed to private networks. Now they are exposed to remote workers’ unsecured devices, further exposing practice networks.

Staff should enable two-factor authentication on network devices and systems and follow a password management policy that enforces regular updates and strong passwords. Implement a reliable backup and recovery system protected from network access. Regularly update all software, operating systems and antivirus solutions. These small steps in everyday practice workflow can ultimately be the first barrier of defense from a ransomware attack.

Regardless of how much practices prepare, hackers will continue to hack successfully. The question health care systems face now is whether their network is prepared to handle better and more frequent attacks without shutting down completely. Health care organizations are critical infrastructure, providing essential services for the public. Their many vulnerabilities leave them exposed, but by implementing these key steps to protect their organization, practitioners can strengthen and fortify their security stance.

Willy Leichter is the VP of Product Management at Virsec, the industry leader in application-aware workload protection. He has over twenty years of experience in product marketing, product management, outbound marketing, communications, digital marketing, and demand generation.