How to Minimize the Risk and Impact of Ransomware or Malware Attacks
Ransomware and cyber-attacks aren’t new. However, healthcare organizations face rising threats from targeted strikes. These incidents come at a time when disruption-free virtual health services are crucial to safety. The dangers signal a need for leaders to take immediate action.
Unfortunately, there isn’t one solution that eliminates all threats. Instead, healthcare professionals must take a multi-pronged approach. Proactive, preventive measures reduce vulnerabilities. Learn how to use multiple defense layers to minimize the risk and impact of ransomware or malware attacks.
Ransomware and Cyber Attacks: An Ongoing Threat
Ransomware has hit the healthcare sector hard. This malware infects systems, so healthcare workers can’t access files or services. It moves laterally through hospital networks, hampering or outright rendering critical processes inoperable.
In recent healthcare incidents, outbreaks occurred principally via spam or phishing attacks. Other hacks targeted known system flaws. Once the ransomware enters the network, it reproduces and contaminates devices. Web-enabled tools, radiology machines, and hospital phones may be affected.
Cybercriminals demand payment in return for an organization’s access. Yet, all major agencies recommend against paying funds to hackers. The rash of attacks led the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) to put out a special statement.
Their key findings state, “Malicious cyber actors are targeting the healthcare and public health (HPH) Sector with TrickBot and BazarLoader malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services.”
High-Profile Risks to Healthcare Organizations
In 2020 alone, millions of patient records were compromised. Individual breaches and attacks occurred in many states, including Florida, Michigan, Ohio, Nebraska, Louisiana, Missouri, and New York. Some swept through entire healthcare systems, with one potential Ryuk attack affecting 400 US healthcare facilities.
Furthermore, CISA issued a warning about vulnerabilities in certain medical devices. They said, “A successful exploitation could expose sensitive data such as a limited set of patient health information (PHI) or could allow the attacker to run arbitrary code, which might impact the availability of the system and allow manipulation of PHI.”
Healthcare networks contain many moving parts, which is why your cybersecurity approach must be multi-layered. Plus, each layer requires frequent updates to account for the evolving risks.
Be Proactive: Follow Cybersecurity Best Practices
Due to advanced social engineering tactics, threats to healthcare systems are continually changing. New vulnerabilities can pop up without noticeable evidence. IT infrastructure can be compromised for protracted periods before ransomware is triggered. To combat this, professionals reassess existing cybersecurity investments and strategies.
Reevaluating helps you identify gaps using the most recent data from ransomware attacks on hospitals. By implementing cybersecurity best practices, you can reduce downtime and minimize risk, while better protecting people, systems, and data.
Reduce the Risk of Ransomware Attacks
Prevention is the best way to mitigate threats. Organizations often start by working with their internet service provider (ISP). Your provider may offer enterprise-level tools such as distributed denial of service (DDoS) protection services.
Use these cybersecurity best practices to decrease vulnerabilities in your healthcare organization:
- Prioritize patch management: Cybercriminals find entry by known software vulnerabilities, highlighting the importance of keeping applications, software, and operating systems patched.
- Harden your systems: Attackers search for any exposed areas, so decrease weak surfaces by closing ports and shutting off unused services. Leverage firewalls where possible.
- Apply “least access privilege” policies: Only give workers access to what is necessary for their job position and duties.
- Use multifactor authentication: Deter hackers by requiring more than one authentication layer for systems.
- Employ email gateway filters: These identify malspam indicators in subject lines and other areas while a firewall blocks suspicious IP addresses.
- Filter traffic by IP ports and addresses: Use threat-based and geographic blocking to filter outbound and inbound traffic.
- Require remote staff to use a virtual private network (VPN): A VPN adds a layer of protection for employees accessing systems and data remotely.
- Perform network segmentation: Use multiple servers to separate sensitive data from email.
- Auto-update software: Take advantage of software services that automatically update your antivirus and antimalware solutions and scan for outdated services.
- White-listing: Create a list of approved processes and applications and prevent the use of non-approved sources.
- Implement file integrity monitoring (FIM): This process reviews your system for changes, port activity, and unusual activities, like inappropriate access.
Check-In with Healthcare Third-Party Vendors
In our interconnected world, it’s vital to ensure your health technology partners prioritize cybersecurity. For example, more than 20 healthcare systems experienced threats after hackers attacked a cloud-based scheduling application. Consider:
- Reviewing your vendors’ security policies and procedures for detecting malware
- Adjusting your process for third-party remote access by disabling access until needed
- Examining vendor compliance with regulations and requiring a service level agreement (SLA)
- Going through all vendor accounts and updating/hardening passwords
Cyber Hygiene and Employee Training
Employee education and user awareness is the main way to prevent ransomware infections, especially in organizations with varying staffing flows. Medical and administrative staff must understand techniques used by cybercriminals and what these look like in day-to-day operations. Training should include:
- Email security: Teach staff how to identify problems with email links or attachments, including tips on avoiding them.
- Current trends: Highlight emerging risks, like phishing schemes that target staff through an organization’s email.
- Support policies: Explain the process and importance of reporting suspicious emails or stolen devices.
- Remote management: Clarify how off-site staff can access health systems, including rules for devices and methods for updating antivirus and malware software.
- Practice scenarios: Devise malware outbreak drills to ensure each person understands their role and learns from feedback.
- Awareness campaigns: Use your company’s communication platform to keep teams alert. Update staff and share phishing examples to raise awareness.
It’s also essential to update your password policies and procedures and considering implementation of identity management solutions to increase security protections. Develop rules for passwords, including account lockouts, password complexity, and frequency of credential updates. Moreover, employees shouldn’t share credentials. Consider using a tool that continuously looks for exposed passwords and alerts your team to vulnerabilities.
Deploy Technology to Protect Healthcare Infrastructure
Along with segmenting your networks to reduce ransomware spread, healthcare organizations rely on various technologies to prevent and respond to cyber threats. Security solutions may use artificial intelligence (AI) and threat intelligence software with centralized monitoring systems.
Signature and behavioral-based tools continually scan for malicious activities and can isolate remote browsers. All network security tools must be properly configured and kept up to date. Cybersecurity solutions include:
- Endpoint protection software
- Antivirus and antimalware programs
- Intrusion detection system (IDS)
- Email filtering solution
- Intrusion prevention system (IPS)
Breach Preparedness: A Proactive Approach
The average downtime after a ransomware attack is 15 days. Being without necessary digital records during that time is detrimental to all involved. With so much at stake, healthcare organizations must assume a breach is imminent.
Along with assessing risks, produce an incident response plan. It should explain how you identify incidents, isolate the breach, repair damage, and continue with normal operations. Include proactive, preventive, and business continuity steps in your strategy.
Data Protection and Recovery Planning
Cybercriminals will look for network backups, referred to as volume shadow copies. If they can gain access, hackers will corrupt or destroy backups. Reduce impact on your healthcare organization with a multi-level backup program.
Start by exploring significant assets and assuring these components are regularly backed up and kept offline from your hospital network. This data may include telehealth infrastructure, remote work foundations, patient database servers, and medical records. Best practices take a 3-2-1 approach:
- Three copies of data
- Two different media formats
- One off-site backup
Your plan should also create and save several backup versions. Variants account for the possibility of infected or encrypted files. Experts recommend off-site and offline backups as an extra preventive measure. But hard copy backups won’t contain your latest data, causing disruptions to patient care.
This is where organizations that have urgent data recovery needs, should develop their disaster recovery strategy to include implementing disaster recovery/replication solutions. Disaster recovery software offers the ability to ensure real-time replication of critical business data and even applications, and speedier recovery in the event of a compromise, to a more current state than backup solutions can offer – thus ensuring minimal downtime for mission-critical applications and associated data.
Additionally, third-party cloud-based disaster recovery solutions, (aka disaster recovery as a service (DRaaS)) can alleviate backup issues by performing data backups and real-time system surveillance. Lastly, regular testing your retained data’s integrity and accessibility is crucial to ensuring optimal business continuity.
Incident Recovery Strategies
Ransomware and malware attacks aren’t the only threats your organization faces. Disk hardware can malfunction, power failures occur, or weather-related disasters may harm onsite hardware. applications Having a backup is only one step of your resiliency plan.
To reduce downtime, you need a recovery strategy. A comprehensive plan, commonly known as a runbook, describes the estimated recovery times and goals, along with the process for recovery of critical systems, infrastructure, , and data. Your document may include:
- Offline documentation processes for electronic health records (EHR) downtime
- Graphics showing where your sensitive data resides
- An environmental, architectural diagram of key systems, hardware, databases and more
- Data flow documentation showing data lifecycle
- Communication response and notification methods
Get Cybersecurity Support
There are several ways healthcare organizations can get ongoing assistance from vendor partnerships and information-sharing programs. First, it’s essential to work with a third-party to complete a security risk assessment at least yearly. This evaluation should meet or exceed the Health Insurance Portability and Accountability Act (HIPAA) requirements. Learn more about ransomware, malware, and cyberattacks using:
- The CISA and Multi-State Information Sharing and Analysis Center (MS-ISAC) Ransomware Response Checklist
- MITRE’s Regional Incident Preparedness and Response Playbook for medical device cybersecurity
- CISA’s Technical Approaches to Uncovering and Remediating Malicious Activity
Next Steps: Assess Your Cybersecurity Plan
It’s important to move swiftly to prevent ransomware or cyber-attacks. However, a thorough cybersecurity strategy is an ongoing project. From tech tools to training, your entire organization should get involved. Each person can learn and follow acceptable practices that provide medical care and service continuity.
- How to Minimize a Ransomware or Cyber Attack on Your Healthcare Organization - February 9, 2021