Hospitals are alarmed by the number of recent ransomware attacks with healthcare targets. Healthcare has seen its share of cybersecurity issues over the years, but the thought of a ransomware threat puts hospital IT departments on edge.
Ransomware is a serious problem in healthcare, even though in most cases data is not leaked out or stolen. The infected computers can stay undetected for some time, and the nature of the intrusion changes frequently enough that many antivirus platforms can't always detect it right away. Often by the time a tool is developed to block one strain, a new one is introduced, and the threat is back with a vengeance. So in the face of this serious problem, what can a health IT team do to protect its environment from it?
Many ransomware attacks succeed by attacking a computer when a user opens an email, website or Flash-based content that contains the infection. Once a system vulnerability is exploited, the computer downloads the virus and proceeds to encrypt all files accessible from the local machine. This means that if the user of the infected computer has administrative privileges or wide network access, the infection will likely encrypt files on a massive scale. Once the data is encrypted, it becomes unusable unless the user or organization pays the ransom to receive the decryption key.
Many security experts find it almost impossible to reverse the effects of such an attack and usually recommend going to backups and restoring the data. If backups are not available, the organization may be forced to pay the ransomware fee. Though these attacks are criminal acts, legal authorities throughout the world are not able to investigate every ransomware threat.
The following steps are some ways that a healthcare IT department can mitigate the risks associated with a potential ransomware attack.
How to stop and counter a ransomware threat
Define an action plan.
In response to the increase in ransomware attacks and other security threats, a healthcare organization must create and refine a plan of action in case its systems are compromised. This includes ensuring disaster recovery and business continuity plans are up to date and that the team understands the various threats and their effects on the organization.
Educate and help prevent attacks.
Prevention is the preferred method of stopping the risks associated with ransomware attacks. By educating users on how systems are infected and how to safely browse the Internet, an IT department can help users avoid taking unnecessary risks.
Keep all systems secure.
To remain compliant with HIPAA regulations, all systems that may contain protected health information are required to stay patched and up to date. To protect against a ransomware threat, a similar approach must be taken so that all systems are secured against any potential vulnerabilities.
Monitor network traffic and file access.
One common behavior of ransomware is that it attempts to connect to infected websites using onion routing (Tor). The infected machines use these connections to send encryption details to, and receive them from, the cybercriminals. One method of scanning for data breaches and hackers is monitoring network traffic and unusual behavior within the systems. Detecting these outbound connections can pinpoint the location of an infection.
Back up all data at all times.
Having adequate backups in place is now a common occurrence within enterprises. While there might be a few gaps within smaller healthcare groups where backups may not be as comprehensive, most backups will offer some relief after a serious infection. If some or all of a system's files get encrypted, restoring the files from a backup is the only recovery option.
Allocate access to data.
When most users map to network resources, they are likely able to access more folders than they need on a regular basis. As a best practice, IT must assign users permissions only to the network resources they require. That way, if a user gets ransomware on their machine, the extent of the damage will be limited.
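One way to measure how far a single infected account could reach is to expand group grants into per-user write access and compare that with what each user actually opened. The sketch below is an added example, not part of the original article; the group, user and share names and the access records are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data; group, user and share names are hypothetical.
GROUP_MEMBERS = {
    "Nursing": {"asmith", "bjones"},
    "Billing": {"cdavis"},
    "AllStaff": {"asmith", "bjones", "cdavis"},
}
# share -> {group: access level}
SHARE_ACL = {
    "charts": {"Nursing": "write"},
    "billing": {"Billing": "write", "AllStaff": "write"},
    "policies": {"AllStaff": "read"},
    "hr": {"AllStaff": "write"},
}
# (user, share) pairs seen in file-access logs during the review window
ACCESS_LOG = [
    ("asmith", "charts"), ("asmith", "policies"),
    ("bjones", "charts"),
    ("cdavis", "billing"), ("cdavis", "policies"),
]

def writable_shares(acl=SHARE_ACL, groups=GROUP_MEMBERS):
    """Shares each user can modify, i.e. what ransomware running as that
    user could encrypt."""
    out = defaultdict(set)
    for share, grants in acl.items():
        for group, level in grants.items():
            if level == "write":
                for user in groups.get(group, ()):
                    out[user].add(share)
    return dict(out)

def unused_write_access(acl=SHARE_ACL, groups=GROUP_MEMBERS, log=ACCESS_LOG):
    """Writable shares a user never touched: candidates for removal."""
    used = defaultdict(set)
    for user, share in log:
        used[user].add(share)
    report = {}
    for user, shares in writable_shares(acl, groups).items():
        extra = shares - used[user]
        if extra:
            report[user] = sorted(extra)
    return report
```

With the sample data, every account can write to the "hr" share through the broad AllStaff grant even though nobody used it, so removing that grant shrinks the reach of any single infection.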
Get to know ransomware.
IT departments must understand the different strains of CryptoLocker and other infection types used by ransomware. This knowledge will allow them to know where to apply some of the protections and safeguards that they should enforce.
Adopt additional protection.
In some of the more recent attacks, ransomware went undetected by many antivirus tools. Infections have come through Word documents with macros, harmful websites and now Flash-based online content. IT departments must apply safeguards to block suspicious emails and deploy additional filters that block potentially harmful sites that could result in an attack.
Adopt creative security methods.
Many of the recent ransomware attacks were found to be communicating with IP addresses linked to the deep Web. If these IPs are blocked, the encryption can be stopped. Blocking Tor traffic is another worthy endeavor, since that is a commonly used method of communication by these viruses.
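The monitoring and blocking steps described above can share one piece of detection logic: scan outbound firewall records for Tor destinations, list the internal hosts responsible, and derive the addresses to deny. This is an added example, not part of the original article; the log format, the internal network range and the relay addresses (taken from documentation ranges) are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation-range addresses stand in for a
# Tor relay list that a real deployment would load from a maintained feed.
TOR_RELAYS = {"198.51.100.23", "203.0.113.77"}
TOR_DEFAULT_PORTS = {9001, 9030}  # commonly used Tor ORPort and DirPort
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed hospital LAN

# Constructed firewall log: "timestamp src_ip dst_ip dst_port action"
SAMPLE_LOG = """\
2016-04-02T08:14:03 10.20.4.17 192.0.2.10 443 allow
2016-04-02T08:14:09 10.20.4.17 198.51.100.23 9001 allow
2016-04-02T08:14:11 10.20.7.52 192.0.2.44 80 allow
2016-04-02T08:15:40 10.20.4.17 203.0.113.77 443 allow
2016-04-02T08:16:02 10.20.9.8 192.0.2.99 9001 allow
malformed line here
"""

def parse_line(line):
    """Return (ts, src, dst, port, action), or None if the line is unparseable."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, action = parts
    try:
        return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), action
    except ValueError:
        return None

def find_tor_egress(log_text=SAMPLE_LOG):
    """Map each internal host to its suspected outbound Tor connections."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port, _ = rec
        if src not in INTERNAL_NET or dst in INTERNAL_NET:
            continue  # only traffic leaving our own network
        if str(dst) in TOR_RELAYS:
            hits[str(src)].append((ts, str(dst), port, "relay-list match"))
        elif port in TOR_DEFAULT_PORTS:  # weaker signal: port alone
            hits[str(src)].append((ts, str(dst), port, "default Tor port"))
    return dict(hits)

def blocklist(hits):
    """Destinations to deny at the perimeter: relay-list matches only."""
    return sorted({c[1] for conns in hits.values() for c in conns if c[3] == "relay-list match"})
```

A port-only hit is a lead to investigate rather than proof, which is why it identifies a host but does not feed the blocklist.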
Reduce direct access.
Some hospitals have moved some of their internal data to cloud-based services. File-sharing systems such as SharePoint and OneDrive for Business offer additional protection to users. The way files are accessed in SharePoint has made them inaccessible to most of the ransomware released thus far.
Ransomware has already caused significant damage to organizations. It has shown no signs of letting up and has become a serious danger in the healthcare industry. Healthcare organizations should take some of the preceding actions to avoid ransomware attacks and the resulting consequences, rather than standing by and hoping it doesn't happen to them.