An international study reports nearly 40 percent of businesses experienced a ransomware attack in the last year. A recent U.S. government interagency report says there have been about 4,000 ransomware attacks every day since 2016. This is a 300% increase compared to the 1,000 daily attacks in 2015.
The danger to hospitals and health systems from cyber gangs is increasing in the digital healthcare field. These hackers are ever evolving creative encryption schemes to hold electronic protected health data (ePHI) hostage, until a ransom is paid. Proactive security measures have never been more critical.
To protect your organization from hackers, follow these three steps to prepare for and handle ransomware:
- Proactively implement ransomware attack best practices (see below).
- Activate your incident response plan to tackle the ransomware incident as it happens.
- After an attack, find out what went wrong and learn from it. Make new plans to be ready for future attacks. For example, your security team can show employees how opening a scam email can cause ransomware to download on the computer.
Ransomware Best Practices
These proven ransomware best practices can help thwart sophisticated cybercriminals’ threats:
Backup and Recovery Data Protection Program
A good backup and recovery plan for your data is important and required by HIPAA. Test it often in a safe place. A disaster recovery plan should include two parts, called RPO and RTO. This is further explained in “Understanding RPO and RTO.”
Recovery Point Objective (RPO) means how much data might be lost or need to be put back in during a network problem. Next, Recovery Time Objective (RTO) means how long your business can be stopped before it causes serious problems. Your RTO/RPO must meet your business goals and be ready for any problems with hardware, software, or communication.
A Well-oiled Instant Response Program
Some ransomware attacks comes with a deadline to respond within 12 or 24 hours. It’s important to respond quickly and make important choices to avoid losing patient data or personal information forever. You may even have to potentially pay—an FBI recommendation, in fact. However, there is no true guarantee of safeguarding a true recovery in such cases.
Tools for antivirus and malware detection including Kaspersky Lab, for example, also are available for removing old ransomware. Knowing the kind of ransomware you face and having tools to remove it should be part of your fast response plan.
Regular Employee Training and Phishing Simulations
Frequent employee training on cybersecurity awareness and phishing simulations can help identify potential weaknesses in your group’s security. Teaching workers to spot and report tricky emails and strange activities can lower the chance of ransomware harming your computers.
IT and Data Asset Inventory
To manage your group’s things well, list all your computers, devices, software, and stored data. This includes all physical and virtual technology and information assets. Keeping account of this all-too-common process problem can be resolved through regular inventory maintenance checks.
Set Apart Medical Devices
SelectUSA states there are over 6,500 medical device companies in the United States. Most are small, with 80% having less than 50 employees. Many, notably start-up firms, have little or no sales revenue.
Many medical devices are weak and can’t use basic security, so they’re often left out of a provider’s list of things they own. Therefore, one solution is to isolate the devices to a dedicated network, mitigating risk to human life.
Organizational Behavior Change toward Security
We are all part of a shared environment. We’re all connected. But just one employee’s decision to bypass security protocol can have a consequential impact on the entire network. A number of reputable studies support broad consensus that human error is the primary cause of data breaches.
Education on security polices and procedures, awareness, corrective actions and attitude change are needed—not more technology. Employees lacking understanding of why security measures are in place can be highly creative. They may circumvent security controls and open the door to innocent, costly breaches in data.
Healthcare professionals in particular underestimate the importance of registering apps or other devices with their hospital’s security department. They’ll load them onto their provider network with no thought of plans to maintain them. Sooner or later the devices are seized for malicious activity use.
Final Thoughts on Ransomware Best Practices
Ransomware is not a new threat. It has been around for nearly three decades, dating back to the release of the 1989 AIDS Trojan. Thus, a mature healthcare cybersecurity program is essentially your only weapon providing ultimate protection. This will prepare your organization for and minimize the potential harm of ever-changing ransomware.
Using multiple layers of security, such as firewalls, intrusion detection systems, and regular software updates, can strengthen your group’s defenses against ransomware and other cyber threats.
Training and teaching workers about risks, how to notice them, and what to do when facing a threat is very important. Regularly telling workers about new threats and giving them helpful tools can make a big difference in your group’s overall safety.
Additionally, organizations should implement secure password policies and encourage the use of two-factor authentication (2FA) wherever possible. These measures help to protect user accounts from unauthorized access and can significantly reduce the chances of a successful ransomware attack.
Collaborate with other healthcare organizations and industry experts to share best practices and stay informed about emerging threats. When organizations work together, they can better protect themselves and patients from the constant danger of ransomware and other cyber attacks.
If you’re ready to partner with a cybersecurity advisory team, reach out to us today. Together, we can develop a comprehensive security plan that addresses your healthcare group’s unique cyber vulnerabilities and keeps your data and systems protected against ransomware and other cyber attacks.