The year 2016 was marked with an increase in cyberattacks against healthcare organizations, and 2017 is projected...
to have even more. These attacks can lead to life-threatening results in healthcare when they impact the different systems that caregivers rely on during the treatment of patients. It's no surprise why hospitals are targeted: end users rely heavily on electronic health records, and the need to have their systems always accessible leaves them susceptible to ransomware. If a ransomware attack is detected, some hospitals opt to pay the ransom and recover their files quickly, which motivates cybercriminals to make more attempts at other hospitals. The increase in attacks for 2017 is imminent and cybersecurity executives are looking for new ways to increase protections to avoid these malicious and dangerous infections.
According to a recent survey sponsored by Malwarebytes, the healthcare industry was ranked as the number one target for cyberattackers this year, followed by financial institutions. Both industries rely heavily on their computer systems to operate, and any disruption is costly and can lead to legal complications. This dependency on the computer system motivates cybercriminals to go after these organizations in the hopes that a hospital ransomware attack will result in guaranteed payment to avoid a system outage.
While it may not be possible to eliminate all online threats and security vendors cannot guarantee absolute protection, IT executives are still willing to do what they can and take the appropriate steps to mitigate the risks of a possible ransomware attack. Thus, many IT decision-makers are increasing their 2017 security budget to support the purchase of tools as well as additional resources to improve security. These five tips can help prevent a hospital ransomware attack from happening.
Increased funding for end user training
It is estimated that over 40% of spam email contain malicious content such as links to websites or attachments that contain viruses and ransomware. Hospital employees regularly receive email messages with harmful content despite the use of modern email protection and filter solutions. IT looks to educate end users on what to look for when they receive email messages with links or attachments to ensure they are more cautious with them. One way end users can determine if an email is harmful is to hover over the links inside the email body to determine if the URL is the same as the sender's domain. IT should also educate users to never share personal information online and to avoid opening attachments that are not expected or are from unknown sources.
Enhanced email protections and endpoint security
Despite the email tips and education, end users will still not see all the harmful email messages in their mailboxes. However, today antispam capabilities are built into on-premises and hosted email services. In 2017, IT departments will be looking to roll out more advanced functionalities such as advanced URL detonation, attachment scanning for malicious content, URL redirection and malicious website blocking. These services are available through third-party providers that will see a surge in adoption in 2017 to further the protections in place.
More protections at the browser level
Email is not the only source of infections; security experts report cybercriminals are hacking legitimate websites and loading them with exploit kits (EK). This allows them to infect unsuspecting visitors with ransomware and in some cases the ability to remote control the infected machine to steal the data. However, traditional signature-based antivirus tools are not always able to detect and protect against EK. New browser-based security tools have been introduced and vendors such as Microsoft are offering capabilities to protect endpoints at the browser level and ensure that, if a malicious site is visited, no code execution can harm the computer. The purchase of these tools will expand the protections in hospitals for those end users who frequently use the web for work-related activities.
Disaster recovery as a service
2017 will certainly include an increase in investments toward tools and solutions that can protect against and prevent a hospital ransomware attack, but there is still the reality that not all attacks can be avoided. Some IT departments are planning to adjust their disaster recovery plans to ensure their systems can recover quickly and fully in case of a major ransomware infection. The change may include the purchase of more backup equipment, online disaster recovery as a service subscriptions or adding more resources to help perform more test restore drills.
Intelligence network and traffic analysis
Ransomware is not the only major threat to healthcare that is pushing the security budget. The concerns of hackers being inside the hospital networks has also put IT executives on the edge especially after the publicized data breaches other hospitals encountered this year. Rolling out network monitoring and security tools with advanced traffic pattern analysis and intrusion detection is becoming a must-have. These tools are starting to gain interest along with managed security services that involve security specialists monitoring the network 24/7.
2017 will likely have its fair share of hospitals falling victim to cybercriminals despite many of the protections and steps taken by IT. There is always a chance the criminals will exploit a known or new vulnerability and penetrate systems before software vendors have the time to create a fix or patch it. Nevertheless, IT departments will continue to revamp their security practices and ensure they are taking the appropriate steps to protect their users and data.
Ten tips for protecting healthcare data from ransomware
How to identify and isolate hospital ransomware infections
Key technologies for preventing ransomware in healthcare organizations