By Phil Richards, Chief Security Officer at LANDESK
Ransomware, malware that takes vital files hostage until a payment is made, has become a widespread problem across industries. Following the success of several high-profile attacks on hospitals and healthcare facilities, including an attack on Maryland-based MedStar Health in which hackers requested $19,000 to decrypt the company’s data, cyber criminals are increasingly targeting healthcare providers.
The absolute need healthcare companies have for daily access to their data makes them even more enticing targets for ransomware. Losing access to patient records can suspend critical services and halt communication entirely until access is restored. Unlike the financial industry, healthcare is made up of a plethora of smaller businesses, clinics and hospitals throughout the nation. Oftentimes these smaller organizations lack effective controls that would let them operate without their data, or the security infrastructure needed to withstand increasingly sophisticated malware.
There are steps healthcare companies can take, however, to proactively prevent ransomware. Blocking most ransomware comes down to blocking suspicious emails.
Educate Your Personnel
The first step to preventing ransomware is educating your personnel on the dangers and how to detect and avoid them. Since almost all ransomware originates through the vector of email phishing, it’s particularly important to teach your staff about identifying suspicious emails. In healthcare, many ransomware attacks come in the form of disguised invoice or bill emails.
My company uses a continuous training program surrounding anti-phishing education. At LANDESK, we contract with third-party companies that send “bad” emails to our staff to see if they can recognize a phishing email. If an employee engages with this email, they receive immediate feedback about their mistake. These emails are also tracked to observe and analyze company-wide email behavior.
This type of training is even more essential as ransomware criminals become experts at social engineering; they know how to craft cunning emails whose legitimacy is difficult to judge without proper training. The ultimate objective is to reduce the likelihood of ransomware infiltrating the workplace by reducing the chance that your people will click on a URL.
Practice Email Hygiene
While education is important, your employees aren’t going to be able to catch everything. It’s equally imperative to have strong email filtering systems in place that provide a multi-stage filter, scanning inbound emails to catch malware executables and other dangerous items. These systems can also rewrite URLs before the email is delivered, so that each link is routed through a gateway and the destination is examined again at click time.
Healthcare companies should also disable macros in office documents, especially in email-delivered documents. They should also deploy email detonation (sandboxing) systems that perform behavior-based detection of malware: these open attachments and executables in a virtual environment to decide whether they are safe to deliver to employees. Such systems are another obstacle for ransomware to overcome, and they stop malware-laden emails at the source.
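As an added example (not from the article or from LANDESK), a minimal version of the multi-stage inbound filter described above in Python: it blocks executables and macro-enabled documents outright, routes invoice-themed lures carrying Office attachments to a sandbox, and rewrites links through a hypothetical click-time gateway. The extension lists, lure words, gateway URL and sample message are constructed assumptions, not values from the article.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import quote

# Constructed policy values for this example; tune them for your own environment.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm", ".pptm"}
OFFICE_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".rtf"}
LURE_WORDS = ("invoice", "bill", "payment", "statement")
# Hypothetical click-time URL gateway; every link is rewritten to pass through it.
GATEWAY = "https://urlcheck.example.internal/redirect?u="
URL_RE = re.compile(r"https?://[^\s<>]+")

def _ext(name):
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""

def scan_message(raw):
    """Classify an inbound RFC 5322 message: returns (verdict, reasons, rewritten_body)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = str(msg["subject"] or "").lower()
    lure = any(word in subject for word in LURE_WORDS)
    for part in msg.iter_attachments():
        ext = _ext(part.get_filename() or "")
        if ext in BLOCKED_EXTENSIONS:  # stage 1: executables and macro-enabled files
            reasons.append("blocked attachment type " + ext)
        elif lure and ext in OFFICE_EXTENSIONS:  # stage 2: invoice lure + Office file
            reasons.append("invoice lure with Office attachment " + ext)
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    # Stage 3: rewrite every link so the gateway re-checks it when the user clicks.
    rewritten = URL_RE.sub(lambda m: GATEWAY + quote(m.group(0), safe=""), body)
    if any(r.startswith("blocked") for r in reasons):
        return "block", reasons, rewritten
    if reasons:
        return "sandbox", reasons, rewritten
    return "deliver", reasons, rewritten

def sample_message(filename, subtype):
    """Constructed sample: an 'overdue invoice' lure with one attachment."""
    m = EmailMessage()
    m["Subject"] = "Overdue invoice #4417"
    m.set_content("Please review the attached invoice: http://example.net/inv")
    m.add_attachment(b"\x00not a real file", maintype="application",
                     subtype=subtype, filename=filename)
    return m.as_bytes()
```

Calling `scan_message(sample_message("invoice.docm", "vnd.ms-word.document.macroEnabled.12"))` yields the "block" verdict, while the same lure with a plain `.docx` is routed to the sandbox and an unrelated `.txt` is delivered with its link rewritten.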
Patch Endpoint Devices
Whether it is a computer, tablet or smartphone, patch the operating system and all applications running on the device. Patches close the vulnerabilities that malware exploits, so it often cannot load onto the device in the first place. Best practice is to use a patch management system.
If It Occurs
Unfortunately, ransomware attacks can still happen despite our best efforts. To sidestep panic, have a concrete plan in place for such an event, formulated and approved by members of finance, HR, IT, the C-suite and even medical staff. If an attack happens, immediate action is vital. Plan to isolate and power off the infected systems, secure backup data, contact law enforcement, collect and secure all evidence, change accounts and passwords, clean infected systems while they are offline, and research recovery options that don’t require paying the ransom. Practice this protocol from time to time, as you would a fire drill, to ensure all parties are prepared. Remember that paying the ransom doesn’t guarantee restoration of your data, or that the malware will be removed from your systems. Resist the urge to pay, because the criminals may keep demanding more money without delivering the data.
Though ransomware may seem alarming, having a plan in place will help mitigate the impact. Cyber criminals continually target healthcare environments through email, direct access, physical infiltration and social engineering. By responding to these threats with continual education, strong email systems and a patching program in place, you’ll be better able to pinpoint and fight against attacks.