Preventing ransomware: Healthcare CIO discusses top technologies

Security is a top concern in health IT, especially given that attacks have become more sophisticated and frequent. A CIO talks about key technologies for preventing ransomware.

Ransomware and cybersecurity attacks are the norm these days. If an organization hasn't been hit yet, it's really only a matter of time, especially given the thousands of daily attacks that happened in early 2016 alone.

Although an attack may seem inevitable, experts agree that healthcare organizations should, of course, fight back and equip themselves with the most effective tools and technologies to help with preventing ransomware attacks.

David Reis, a former CISO and current senior vice president and CIO at Lahey Health in Burlington, Mass., recently discussed specific technologies healthcare organizations can use to prepare for all sides of an attack, including technologies to detect, prevent and recover from one.

Firewalls and security email gateways

Reis said that a next-generation firewall, a hardware- or software-based network security system that can detect and block attacks, can be very helpful in preventing ransomware from entering a healthcare organization, especially if the firewall works together with an email security gateway, since email is the most common entry point for ransomware attacks, he said.

"When the email security gateway solution is able to communicate with the next-generation firewall, there is some pretty significant synergy that can happen, which … can keep ransomware out of an environment," Reis said. "And then, if ransomware gets in, this level of communication [and] interoperability would inhibit ransomware's ability to run effectively, thwarting the attack and thereby protecting [patient] data."

Reis explained that this interoperability between firewalls and email security gateways would be able to identify anything suspicious running in the organization's environment. Working together, the technologies would be able to inspect email attachments for any known patterns.

"Security email gateway vendors see things on a massive scale and are quickly updated because of their global network of devices," Reis said. "So they very quickly start to block out email attacks, much like one would expect spam to be filtered, but it's at the malware and ransomware level."

He added that, together, these two technologies can help strengthen cybersecurity in organizations because, should any malware enter an organization's network, the firewall and email security gateway can interrupt the execution of the payload.

"This once again goes back to the concept of defense in depth security, but enhanced by interoperability between heterogeneous security technologies," Reis said. "Neither one of these alone is enough, but these two capabilities in addition to antivirus and good user hygiene are really significant lines of defense against malware and ransomware."

Backups and minimized use of Windows network shares

Reis said healthcare organizations should also have frequent and reliable backups of data, in addition to minimizing the use of Windows network shares for storing sensitive information.

"Ransomware executes on a local device and tries to jump from the local device to network shares," Reis said. "If network shares are not used to store patient information, that really has a minimizing effect on a ransomware event because there would be limited or no sensitive information in the affected network share."

Another way healthcare organizations can strengthen cybersecurity is by using applications, such as Microsoft SharePoint, in which files can be stored without relying on network shares.

"These solutions really minimize the likelihood and impact of a ransomware event," Reis said. "Basically, we want to store the information in places that the ransomware doesn't effectively attack."

Multifactor authentication for remote access

One of the reasons that phishing events are so prolific and effective in healthcare is that multifactor authentication is not yet widely used, Reis said.

"A well-intentioned employee simply replying to a phishing email and inadvertently giving up their user name and password very commonly gives a bad actor access into whatever system they're trying to access," he said.

Reis advised that, to be successful in preventing ransomware, healthcare organizations require not only usernames and passwords, but also PINs that change every 30 to 60 seconds. Only after the correct username, password and PIN are entered can the user remotely access the system. For healthcare organizations, it is important to use multifactor authentication for secure remote access to email; to business applications, such as an ERP system; to clinical applications, such as the electronic health record system; and to the patient portal, he said.
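A rotating PIN of the kind Reis describes is commonly implemented as a time-based one-time password (TOTP, RFC 6238). The following server-side check is an added example, not code from the article or from Lahey Health; the 30-second step, the one-step clock-drift window, the function names and the demo secret (the RFC's published test key) are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # PIN lifetime (assumption; the article cites 30 to 60 seconds)
DIGITS = 6
DEMO_SECRET = b"12345678901234567890"  # RFC 6238 test key, never a real secret


def totp(secret: bytes, at: float, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """Return the RFC 6238 PIN that is valid at Unix time `at`."""
    counter = int(at) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_pin(secret: bytes, submitted: str, now: float,
               last_used_counter: int = -1, drift_steps: int = 1):
    """Return the matched time-step counter, or None if the PIN is rejected.

    Tolerates +/- drift_steps of clock skew. Any counter at or below
    last_used_counter is refused, so a PIN that was already accepted
    (for example one captured by a phishing page) is not accepted twice.
    The caller stores the returned counter per user as last_used_counter.
    """
    # Reject malformed input before comparing; compare_digest needs ASCII.
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == DIGITS):
        return None
    current = int(now) // STEP_SECONDS
    for counter in range(current - drift_steps, current + drift_steps + 1):
        if counter <= last_used_counter:
            continue
        expected = totp(secret, counter * STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return counter
    return None


if __name__ == "__main__":
    pin = totp(DEMO_SECRET, 59)
    print("PIN at t=59:", pin)
    print("accepted at t=59:", verify_pin(DEMO_SECRET, pin, 59))
    print("replay at t=59:", verify_pin(DEMO_SECRET, pin, 59, last_used_counter=1))
    print("stale at t=119:", verify_pin(DEMO_SECRET, pin, 119))
```

The password check still happens separately; this function covers only the second factor.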

Reis believes that multifactor authentication is the type of technology that would have largely prevented the many email breaches and phishing attacks that have been happening recently in healthcare organizations.

"I think, within the next 18 to 24 months, we're going to see that multifactor authentication … for remote access to systems that contain PHI [protected health information] is just going to become the common standard," Reis said.
