An international study reports that nearly 40 percent of businesses experienced a ransomware attack in the past year. Add to that a recent U.S. government interagency report indicating that, on average, nearly 4,000 daily ransomware attacks have occurred since early 2016, representing a 300 percent increase over the 1,000 daily ransomware attacks reported in 2015.
In our digital healthcare world, this extortion threat to hospitals and health systems is escalating as professional cybergangs intensify their efforts. These hackers keep evolving creative encryption schemes to hold electronic protected health information (ePHI) hostage until a ransom is paid. Proactive cybersecurity measures have never been more critical.
3 Preliminary Steps for Ransomware Prevention
Before your provider organization finds itself in a position of vulnerability at a hacker’s hands, implement these three phased steps for ransomware prevention (or malware prevention of any kind, for that matter).
- Proactively implement ransomware attack best practices (see below).
- Activate your incident response plan to tackle the ransomware incident as it happens.
- After the incident, analyze the shortcomings spotted during the investigation to better understand and communicate the “lessons learned” and to enact new action steps ahead of future attacks. For instance, your “security awareness” team can visually demonstrate to employees how opening a phishing email scam automatically downloads ransomware onto the server.
These proven ransomware best practices can help thwart sophisticated cybercriminals’ threats.
Backup and Recovery Data Protection Program
A backup and recovery data protection program is a clear HIPAA Security Rule requirement, and an optimal one involves regularly testing backups that are kept in a secure location. Just as important, two elements of any disaster recovery or data protection continuity plan, as explained in “Understanding RPO and RTO,” are: 1) Recovery Point Objective (RPO), the variable amount of data that will be lost or will have to be re-entered during network downtime; and 2) Recovery Time Objective (RTO), the amount of real time that can pass before the disruption seriously harms and unacceptably impedes the flow of normal business operations. The RTO and RPO must meet the business objectives you deem critical for a backup solution in case of a hardware, software or communications failure.
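The following added example (not part of the original article) turns the RPO/RTO definitions above into a check that a backup plan can be measured against: worst-case data loss versus RPO, rehearsed restore time versus RTO, and whether the restore has been tested recently and a copy exists in a separate secure location. The plan names, timestamps and the 90-day test window are constructed assumptions.

```python
"""Evaluate backup plans against RPO/RTO objectives (added example, constructed data)."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class BackupPlan:
    name: str
    backup_interval: timedelta   # how often a restorable copy is taken
    last_backup: datetime        # timestamp of the newest good copy
    measured_restore: timedelta  # restore duration observed in the last drill
    last_restore_test: datetime  # when a full restore was last rehearsed
    offsite_copy: bool           # a copy is kept in a separate secure location


def worst_case_data_loss(plan: BackupPlan, now: datetime) -> timedelta:
    """Data lost if the disruption hits just before the next scheduled backup.

    Normally one full interval; if the newest copy is already older than the
    interval (backups are overdue), the loss is the real age of that copy.
    """
    return max(now - plan.last_backup, plan.backup_interval)


def evaluate(plan: BackupPlan, rpo: timedelta, rto: timedelta, now: datetime,
             max_test_age: timedelta = timedelta(days=90)) -> list:
    """Return a list of findings; an empty list means the plan meets its objectives."""
    findings = []
    loss = worst_case_data_loss(plan, now)
    if loss > rpo:
        findings.append(f"{plan.name}: RPO miss, up to {loss} of data lost vs objective {rpo}")
    if plan.measured_restore > rto:
        findings.append(f"{plan.name}: RTO miss, restore takes {plan.measured_restore} vs {rto}")
    if now - plan.last_restore_test > max_test_age:
        findings.append(f"{plan.name}: restore not rehearsed in the last {max_test_age.days} days")
    if not plan.offsite_copy:
        findings.append(f"{plan.name}: no copy kept in a separate secure location")
    return findings


# Constructed sample plans (hypothetical systems and timestamps).
NOW = datetime(2017, 3, 1, 8, 0)
EHR_PLAN = BackupPlan("EHR database", timedelta(hours=4), NOW - timedelta(hours=3),
                      timedelta(hours=6), NOW - timedelta(days=30), True)
IMAGING_PLAN = BackupPlan("imaging archive", timedelta(days=1), NOW - timedelta(days=2),
                          timedelta(hours=20), NOW - timedelta(days=200), False)

EHR_FINDINGS = evaluate(EHR_PLAN, timedelta(hours=4), timedelta(hours=8), NOW)
IMAGING_FINDINGS = evaluate(IMAGING_PLAN, timedelta(hours=24), timedelta(hours=8), NOW)

if __name__ == "__main__":
    for finding in EHR_FINDINGS + IMAGING_FINDINGS:
        print(finding)
```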
A Well-Oiled Incident Response Program
Some ransomware attacks come with a deadline to respond within 12 or 24 hours, depending on the hacker’s level of aggressiveness. It’s vital that incident response is timely and that critical decisions are made. Otherwise, you risk having your data lost forever. You may even have to pay, and that is, in fact, an FBI recommendation. However, paying offers no real guarantee of recovery in such cases. Antivirus and malware detection tools, from Kaspersky Lab for example, are also available for eliminating older ransomware. Likewise, determine the type of ransomware that you are up against and whether the tools to eradicate it are readily available. This should be part of your incident response program.
IT and Data Asset Inventory
To effectively manage your organization’s assets, take stock of the number of personal computers, medical devices and mobile devices, the software and network programs running on them, and the archived ePHI and operations data. In essence, this includes all physical and virtual technology and information assets. Losing track of these assets is an all-too-common process problem, and it is resolved through regular inventory maintenance checks.
Set Apart Medical Devices for Improved Ransomware Prevention
SelectUSA reports more than 6,500 medical device companies operate in the U.S. Most are small- and medium-sized companies, with 80 percent employing fewer than 50 staff. Many, notably start-up firms, have little or no sales revenue. Many medical devices are excluded from a provider’s asset inventory because they are prohibited from implementing basic security measures. One solution is to isolate the devices on a dedicated network, mitigating risk to human life.
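As an added example (not from the original article), the script below performs the inventory maintenance check described in the two sections above: it reconciles hosts observed on the network against the asset inventory, flags unregistered hosts and stale inventory entries, and verifies that every inventoried medical device actually sits on the dedicated isolated network. The addresses, hostnames and the 10.50.0.0/24 medical-device network are constructed assumptions.

```python
"""Reconcile observed hosts with the asset inventory (added example, constructed data)."""
import ipaddress

# Hypothetical dedicated network reserved for medical devices.
MEDICAL_NET = ipaddress.ip_network("10.50.0.0/24")

# Constructed asset inventory: ip -> (asset name, asset class).
INVENTORY = {
    "10.10.1.20": ("nurse-station-07", "pc"),
    "10.10.1.44": ("ct-scanner-01", "medical_device"),  # registered, but on the general LAN
    "10.10.1.60": ("old-laptop-12", "pc"),              # no longer seen on the network
    "10.50.0.11": ("infusion-pump-03", "medical_device"),
}

# Constructed hosts seen in the latest scan or DHCP lease table: ip -> hostname.
OBSERVED = {
    "10.10.1.20": "nurse-station-07",
    "10.10.1.44": "ct-scanner-01",
    "10.10.1.99": "android-a1b2",  # never registered with the security department
    "10.50.0.11": "infusion-pump-03",
}


def reconcile(inventory: dict, observed: dict, medical_net) -> dict:
    """Return three sorted lists of IPs: unregistered hosts, medical devices outside
    the isolated network, and inventory entries no longer observed (stale)."""
    result = {"unregistered": [], "misplaced": [], "stale": []}
    for ip in sorted(observed):
        if ip not in inventory:
            result["unregistered"].append(ip)
    for ip, (_name, kind) in sorted(inventory.items()):
        if kind == "medical_device" and ipaddress.ip_address(ip) not in medical_net:
            result["misplaced"].append(ip)
        if ip not in observed:
            result["stale"].append(ip)
    return result


if __name__ == "__main__":
    report = reconcile(INVENTORY, OBSERVED, MEDICAL_NET)
    for ip in report["unregistered"]:
        print(f"unregistered host {OBSERVED[ip]} at {ip}: register or remove it")
    for ip in report["misplaced"]:
        print(f"medical device {INVENTORY[ip][0]} at {ip} is outside {MEDICAL_NET}: move it")
    for ip in report["stale"]:
        print(f"inventory entry {INVENTORY[ip][0]} at {ip} not observed: verify or retire it")
```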
Change Organizational Behavior Toward Security
We are all part of a shared environment. We’re all connected. But just one employee’s decision to bypass security protocol can have a consequential impact on the entire network. A number of reputable studies support the broad consensus that human error is the No. 1 cause of data breaches. Education on security policies and procedures, awareness, disciplinary actions and attitude change are needed—not more technology. Employees who do not understand why security measures are in place can be highly creative. They may circumvent security controls and open the door to innocent but costly data breaches. Healthcare professionals in particular underestimate the importance of registering mobile devices, apps or other devices with their hospital’s security department. Instead, they load them onto the provider network with no plan to maintain them. Sooner or later those devices are hijacked for malicious use.
Final Thoughts on Ransomware Prevention
Ransomware is not a new threat. It has been around for nearly three decades, dating back to the release of the 1989 AIDS Trojan. A mature security program is essentially your only weapon for preparing for and minimizing this ever-changing, modern-day cybercrime.
This article was originally published by Health Data Management.