Ransomware is now one of the most serious threats to healthcare organizations of all sizes.
In a ransomware attack, a virus enters the network and encrypts files on infected computers. Once the encryption process is complete, the virus presents a “ransom demand” to the user. Demands are usually denominated in the cryptocurrency Bitcoin and can range into the thousands of dollars.
Hospitals have recently become one of the most vulnerable targets for ransomware. Sixteen UK hospitals were hit in one major attack in May 2017. Recent attacks have incapacitated medical devices for the first time. Since many medical devices are designed to run on Windows, they can suffer from the same security vulnerabilities that shut down other systems.
Affected hospitals may end up diverting patients and spending millions on ransom payments – a course of action law enforcement officials have repeatedly stressed victims should not consider. There is no guarantee that payment of a ransom will lead to restoration of affected systems.
To defend against this next generation threat, a multi-layered approach is critical.
Let’s consider some of the security systems all medical centers should use:
Network Protection Including Encryption and Firewalls
Hospitals are at something of an advantage compared to other institutions – the era of HIPAA and electronic health records has given them great best practices for maintaining confidentiality. Now, they must go one step further by introducing end-to-end encryption to defend sensitive data. Advanced firewalls are also crucial, and all the better if they actively scan for intrusion.
Non-technical employees are the first line of defense against ransomware because they are often its targets. For example, one major attack was characterized by fake resumes sent to HR departments as email attachments. All employees must be alert to risks and know the signs of a “phishing” attack, when hackers use official-looking messages or pages to steal login credentials.
Risk Assessment, Impact Analysis, Continuity Planning
For security technology to be effective, the right processes must be in place. This starts with determining which enterprise data is most valuable and most vulnerable. Security strategies should plan for the best, but assume the worst: Detailed continuity plans must outline, in clear terms, each team’s role in defending and restoring systems under worst case scenarios.
Patch & Updates
Many consumers put off patching and updating software, but large institutions must be vigilant about it. Automated processes should be in place for recognizing and applying required updates – as well as rolling them back in the event they have unexpected effects. Updates should never wait more than 24 hours, because hackers won’t wait to use exploits they become aware of.
If the worst happens and ransomware takes hold, the most efficient way to restore service is to use a backup. Ideally, data should be backed up off-site through a secure, VPN-enabled cloud connection. If this is not possible, physical backups stored onsite – but kept separate from much of the network – may also be useful. Whatever the case, backups must be secured.
Although all personnel should know the facts about phishing, active countermeasures can be used for threat management. For example, anti-malware software can automatically scan and quarantine attachments or delete emails that match a known threat pattern. Being appropriately wary of links in emails and never sharing credentials over email can also go a long way.
In a well-run network, each member has access to only the data they need to perform their duties. Especially in a hospital environment, data pertaining to different functions and clearance levels should be effectively partitioned. Good access control policy also comes into play when network activity from visitors and patients is kept separate from mission critical activity.
Over the last year, more tools have become available to combat certain types of ransomware. However, as the massive international attack called WannaCry showed, a proactive approach is absolutely imperative. Because of the underlying technology used by most ransomware variants, accessing data after an infection can never be guaranteed.
To stand strong in the new millennium, hospitals and doctors’ offices must partner with recognized security experts. The best way to limit damage – and the resulting capital expenses, compliance overhead, and loss of public confidence – is by building a custom strategy from the ground up.
The pace of ransomware attacks is accelerating, and hospitals are clearly in the crosshairs of ruthless international threat actors. Relying on outdated technology may put lives in danger, but the opportunity to protect critical infrastructure remains in the hands of hospital executives.
To work directly with a team that understands hospitals’ needs, contact NCA today. Our security engineers are second to none in developing security plans centered on continuous uptime and minimal business disruption in the event of attack. We look forward to helping you.
Network Computing Architects, Inc. is a premier provider of high quality sustainable and secure networking, information security solutions and unified communications. We partner with our clients to provide answers to business initiatives where leading technologies converge.
NCA achieved ISO 27001:2005 certification in December 2007 and is currently ISO 27001:2013 certified. The scope of NCA's ISMS is client confidential information within NCA Professional Services Practice.