Cybersecurity is a growing concern within the health care industry, and one attack in particular is doing a sizable amount of damage: ransomware. Depending on the size of the targeted company, which data or systems are affected, and whether or not backups are available, it can cost a health care organization anywhere from $700K to $1.5 million. Beyond the financial burden, ransomware can damage a company’s reputation, or worse, adversely impact patient care by interfering with access to life-saving medical information.
Surely you’ve experienced annoying pop-up ads redirecting you to other websites. Ransomware operates in similar ways. The simple act of clicking the wrong link or downloading the wrong attachment can infect the computer by invisibly installing ransomware on the operating system. Once installed, it holds the data or system “hostage” by preventing access. Then it demands payment to regain access, hence the term “ransomware.”
88 percent of ransomware attacks target hospitals. Consider an administrator or caregiver using a shared information system to access patient data when a pop-up notification appears stating that the employee broke the law. The alert goes on to say that a fine must be paid to regain access. Because the information is on a shared patient health care network, something many hospitals utilize with employees, a single click on the wrong link can infect the entire network, locking out all employees on that workstation, and potentially the whole system.
There are two types of ransomware: Locker and Crypto. Locker-ransomware locks access to all systems, preventing users from obtaining any information or performing any tasks on the computers that are networked to the targeted system. A screen message, the ransom note, is displayed on all desktops stating that all data and system access are locked and that payment is required to regain access. Presently, the most common form of ransomware is crypto-ransomware. Crypto-ransomware targets specific files and data systems, then encrypts them. It leaves ransom notes throughout the system demanding payment for the key that will decrypt or unlock the needed files.
Because ransomware blocks access to data, it often serves the more nefarious intent of stealing sensitive data. Even if payment is received, many times the hackers won’t restore systems right away. They may also try to extort more money if they know the victim is willing to pay.
The best way to fight ransomware is to develop and implement a holistic plan involving people, process, and technology. Proper preparation and management on the front end prevent attacks from happening, saving time, money, and possibly lives.
All three of these things—people, process, and technology—must also undergo routine, mandatory testing to be sure systems and plans function as designed and that employees are up-to-date on education and training.
By Steve Unger
Published with permission from http://blog.techdata.com/authority