

Healthcare ransomware attack: Prevention and backups are critical

A healthcare ransomware attack may be inevitable: attacks have increased 300% since 2015. One CIO says that prevention measures and backups are key to protecting the organization.

There are a lot of complicating factors when it comes to a healthcare ransomware attack. As with any cybersecurity threat or attack, health IT professionals want to do everything in their power to prevent one from happening. But equally important is planning for what can be done after a healthcare organization has been hit by a ransomware attack.

Unfortunately, being hit by a ransomware attack is likely. In early 2016 alone, there were 4,000 daily attacks against healthcare organizations. That's a 300% increase from the 1,000 daily ransomware attacks reported in 2015, according to a U.S. government interagency report.

However, healthcare CIOs agree that if an organization is hit by a ransomware attack, the ransom should not be paid.

"You really should not be paying these people," said Harun Rashid, vice president of Global Health Services and CIO of Children's Hospital of Pittsburgh of University of Pittsburgh Medical Center (UPMC). "Because once you start paying, you will only, probably, be more of a suspect for other ransomware because they know you are paying and you are giving into those things."


Not only that, but Rashid makes the point that, even if an organization pays the ransom, there's no guarantee that the attackers will return its data.

"You don't know where they're coming from," he said. "They could be in China, they could be who knows where, and you may never hear anything from them."

Ultimately, Rashid said, prevention and backups are key.

Preventing a healthcare ransomware attack

For robust prevention against healthcare ransomware attacks, hospitals and health systems need to take a multipronged approach. Rashid offers up six pointers.

Detecting vulnerabilities. Rashid suggests investing in technologies that help detect backdoor Trojans like CryptoLocker, downloads, spam and executable files coming into the organization, in addition to filtering emails and identifying people gaining access to the organization who could steal passwords.

Emails. "Any email that comes into your organization that has an .exe file, you should be able to scan those and filter those to understand, 'Why do I have these executables?'" Rashid said. "Because once you open up the executable, you're … basically allowing the ransomware to come in. So, figure out how to kill that before it comes [into your organization]."


Remote desktop. Tightly govern any staff accessing the healthcare organization's network remotely, Rashid said, and make sure they are doing what they're supposed to be doing while connected. Rashid suggests taking a strict approach and making sure only certain people are allowed access.

Mobile. "At UPMC, what we do is, anybody that uses a mobile device, we basically force them to create strong, authenticated passwords," Rashid said. "We basically put our firmware in those devices to protect them. So in the event they lose that device, we can remotely wipe any information in those devices."

Wi-Fi. Rashid advises healthcare organizations to segment their Wi-Fi and have Wi-Fi for guests to connect to and Wi-Fi for employees to connect to.

Software updates. "This is an area that organizations don't do very well," Rashid said. "Vendors are constantly putting up patches and updates for software; for malware, for vulnerabilities. They do a good job of it."

Rashid explained that, sometimes, organizations are not aggressive enough when it comes to updates and patches.

"It's very important that you stay on top of those patches and … to upgrade your software because that will help you with minimizing attacks … [by ensuring] that all your devices are up to speed and the penetrations will be, hopefully, minimized because of that," Rashid said.
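The email pointer above calls for scanning and filtering messages that carry executables. The following is an added example, not code from the article or from UPMC, showing one way a mail filter can make that check on attachment content rather than on the file name alone, including inside zip archives. The extension blocklist, function names and sample message are assumptions made for the illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for this example; a real mail gateway policy would be longer.
BLOCKED_EXT = {".exe", ".scr", ".com", ".dll", ".js", ".vbs", ".bat", ".ps1"}

def is_executable(name: str, head: bytes) -> bool:
    """Match on extension or on the DOS/PE 'MZ' magic, so a renamed .exe is still caught."""
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot != -1 else ""
    return ext in BLOCKED_EXT or head[:2] == b"MZ"

def scan_zip(name: str, data: bytes) -> list[str]:
    """Inspect zip members in memory, reading only the first bytes of each."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}/{info.filename}"
                if info.flag_bits & 0x1:  # encrypted: contents cannot be inspected
                    findings.append(f"encrypted archive member: {member}")
                elif is_executable(info.filename, zf.open(info).read(2)):
                    findings.append(f"executable in archive: {member}")
    except zipfile.BadZipFile:
        findings.append(f"unreadable archive: {name}")
    return findings

def scan_message(raw: bytes) -> list[str]:
    """Return reasons to quarantine the message; an empty list means deliver."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if is_executable(name, data):
            findings.append(f"executable attachment: {name}")
        elif data[:4] == b"PK\x03\x04":  # zip local file header
            findings.extend(scan_zip(name, data))
    return findings

def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed sample message (addresses and content are made up)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.org", "staff@hospital.example", "Invoice"
    m.set_content("See attached.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Encrypted and unreadable archives are reported rather than passed, because the filter cannot see what they contain.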

Recovering from a healthcare ransomware attack

Although healthcare organizations should do everything within their power to prevent healthcare ransomware attacks, sometimes, it's just not possible to stop them.

That's why healthcare organizations should also prepare for after they've been hit by a ransomware attack, so that they can avoid paying the ransom and still have access to their data, Rashid said. The key here is frequently and consistently backing up data.

"The biggest thing that will defeat ransomware is to have regular backups," Rashid said. "So if you do get attacked … you may lose some of the documentation from earlier [in] the day or something, but at least you can restore your information from your backup."
