It’s the perfect storm – a lack of investment in security technologies, bulk availability of lucrative personally identifiable information (PII), and the propensity of healthcare organizations to pay the ransom (given the high stakes). No surprise then that the number of ransomware attacks on US healthcare organizations increased 94% from 2021 to 2022. How can healthcare organizations protect themselves from ransomware, mitigate the risks, and blunt the impact? Read on for four “remedies” tailored for the healthcare industry to combat ransomware attacks, based on the Essential Eight Maturity Model.
Ransomware Attacks on Healthcare: What Makes it a Lucrative Target?
Ransomware is a type of malware that encrypts computer files, blocking access to them. A “ransom” is then demanded, usually in cryptocurrency like Bitcoin, to regain access. Ransomware has become one of the most frequent types of malware, with an estimated attack happening every 11 seconds globally. Healthcare has always been ransomware’s favorite target, but ransomware attacks on healthcare have been on the rise in recent years. Ransomware attacks against healthcare organizations nearly doubled in 2021. Sophos noted that healthcare had the “highest increase in the volume of cyber-attacks (69%) as well as the complexity of cyber-attacks (67%)” when compared with cross-sector averages.
There are a few reasons why healthcare is such an attractive target for ransomware gangs. First, the COVID-19 pandemic has resulted in a dramatic increase in the amount of PII that is being exchanged electronically, which gives cybercriminals more opportunities to intercept unencrypted data. In addition, the large number of internet-connected devices used in hospitals, such as patient-monitoring machines, imaging devices, and medication scanners, provides many opportunities for attackers to launch ransomware attacks. Second, many healthcare organizations have been slow to adopt security technologies, leaving them vulnerable to attack. Finally, and perhaps most importantly, healthcare organizations are often willing to pay the ransom because of the high stakes involved. High stakes? Compromised patient care, interrupted access to patients’ medical data, infected ePHI (electronic protected health information), non-compliance with stringent data regulations, and most critically – loss of life. In 2021, the first “death by ransomware” lawsuit was filed by the mother of a newborn who died of fatal brain damage after heart rate monitors failed due to a ransomware attack on the hospital.
Four Remedies for Ransomware Attacks on Healthcare
Here are a few remedies that healthcare organizations can employ to combat ransomware:
#1 Secure Applications and Endpoints
One of the most important steps healthcare organizations can take to protect themselves from ransomware is securing their applications and endpoints. Here are some practical ways:
- Only allow executables, software libraries, scripts, installers, compiled HTML, and HTML applications that have been approved by the organization to be run.
- Implement Microsoft’s recommended “block rules” and “driver-block rules” – a list of valid applications that an attacker could potentially use to bypass Windows Defender Application Control.
- Apply patches, updates, or vendor mitigations for security vulnerabilities within two weeks of the release, or within 48 hours if an exploit exists.
- Disable Microsoft Office macros for users who do not have a demonstrated business requirement.
- Implement “user application hardening” so that web browsers do not process Java, web advertisements, and similar content from the internet.
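As an added illustration of the patching timeframes in the list above (not code from the original post or from CloudAlly), the following Python script classifies an inventory of open and remediated findings against the two-week and 48-hour windows; the host names, VULN-* identifiers and dates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Patching windows from the Essential Eight guidance quoted above.
STANDARD_WINDOW = timedelta(days=14)    # no known exploit
EXPLOITED_WINDOW = timedelta(hours=48)  # a working exploit exists

@dataclass
class Finding:
    host: str
    vuln_id: str                      # placeholder identifier, not a real CVE
    released: datetime                # when the vendor patch or mitigation shipped
    exploit_exists: bool
    patched: Optional[datetime] = None

def deadline(f: Finding) -> datetime:
    """Latest acceptable remediation time under the 14-day / 48-hour rule."""
    return f.released + (EXPLOITED_WINDOW if f.exploit_exists else STANDARD_WINDOW)

def status(f: Finding, now: datetime) -> str:
    """ok / late for remediated findings, pending / overdue for open ones."""
    due = deadline(f)
    if f.patched is not None:
        return "ok" if f.patched <= due else "late"
    return "overdue" if now > due else "pending"

def summarize(findings: List[Finding], now: datetime) -> Dict[str, str]:
    """Map host/vuln_id to its compliance state so overdue items can be escalated."""
    return {f"{f.host}/{f.vuln_id}": status(f, now) for f in findings}

# Constructed sample inventory; host names, VULN-* ids and dates are invented.
NOW = datetime(2023, 3, 10, 12, 0)
SAMPLE = [
    Finding("pacs-01", "VULN-0001", datetime(2023, 3, 1), exploit_exists=True),
    Finding("ehr-app-02", "VULN-0002", datetime(2023, 3, 1), exploit_exists=False),
    Finding("ward-ws-07", "VULN-0003", datetime(2023, 2, 10), False, datetime(2023, 2, 20)),
    Finding("imaging-03", "VULN-0004", datetime(2023, 2, 1), False, datetime(2023, 2, 20)),
]

if __name__ == "__main__":
    for key, state in sorted(summarize(SAMPLE, NOW).items()):
        print(f"{state:8} {key}")
```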
#2 Improve Detection Capabilities
By improving detection capabilities, healthcare organizations can identify attacks early and contain them before they cause too much damage. Some suggestions:
- Implement advanced security technologies such as next-generation firewalls, intrusion detection and prevention systems (IDS/IPS), and data loss prevention (DLP) systems.
- Deploy security information and event management (SIEM) technology to collect and analyze security data from across the organization.
- Increase the use of artificial intelligence (AI) and machine learning to help identify ransomware attacks and other malicious activity.
- Train employees to be aware of the signs of a ransomware attack and what to do if they suspect one is taking place. Evangelize your ransomware incident response plan.
#3 Restrict Access to Data and Systems
By securing access to data and systems, healthcare organizations can make it more difficult for attackers to steal or modify data. This can help to minimize the impact of a ransomware attack.
- Central to securing access is two-factor authentication (TFA) or multi-factor authentication (MFA). MFA/TFA increases security by requiring users to provide two or more forms of authentication, such as a password and a code from a cell phone. This multi-layered security has been proven to successfully block 99.9 percent of data breaches due to compromised credentials, so much so that Microsoft has mandated MFA for all its Cloud Solution Provider (CSP) program partners. Consider making MFA/TFA mandatory for your organization’s users when authenticating to both your own services and third-party services.
- Healthcare organizations should also consider encrypting sensitive data, both at rest and in transit. Encryption makes it more difficult for attackers to read or modify data, even if they are able to gain access to it.
- Privileged access to systems and applications should be strictly controlled to only what is required for users and services to do their jobs. Implement “least privilege principles” to make it more difficult for attackers to execute their ransomware payloads.
#4 Invest in Post-Ransomware Recovery
One of the best ways to blunt the impact of ransomware, ensure minimal downtime, and enable seamless business continuity is to have a robust Disaster Recovery Plan (DRP) in place. Here are some measures to keep in mind for quick post-ransomware recovery.
- Create a dependable Ransomware Incident Response Plan that details the steps for the five major post-ransomware phases – attack validation, attack containment, data and systems recovery, communication and coordination, and continual improvement. It is crucial to optimize your Recovery Point Objective (RPO) – the maximum amount of data your business can withstand losing – and your Recovery Time Objective (RTO) – the amount of time it takes to get back to business.
- Security experts worldwide, including CISA, recommend that “backing up is your best bet against ransomware”. Invest in a reliable backup and recovery solution that adheres to backup best practices for ransomware recovery. This includes checking that the backups are offline or cloud-based, securely encrypted, immutable, and comprehensive. Additionally, check the ease and speed of recovery and verify that it isn’t time-barred. Fast, unlimited recovery from any point in time is a must to restore a clean copy of your data.
- Don’t forget to regularly test your backups. Here are some helpful Whys and Hows of Backup and Recovery Testing.
- Lastly, consider investing in Cyber insurance. Cyber insurance can provide financial protection in the event of a successful cyberattack. It can also help to cover the costs of recovery, such as hiring a third-party firm to assist with data restoration. Cyber insurance is not a silver bullet, but it can help to mitigate the financial impact of a ransomware attack.
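As an added example, not part of the original post or of CloudAlly’s product, this Python script checks a constructed backup catalog against the RPO, immutability and restore-testing points raised above; the RPO and restore-test targets, dataset names and timestamps are assumptions for illustration.

```python
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed targets; set these from your own business impact analysis.
RPO = timedelta(hours=4)                   # maximum tolerable data loss
RESTORE_TEST_MAX_AGE = timedelta(days=30)  # how often backups must be test-restored

# Constructed backup catalog (timestamp,dataset,status,immutable), not real CloudAlly output.
CATALOG = """\
2023-03-10T00:00Z,m365-mail,success,yes
2023-03-10T04:00Z,m365-mail,success,yes
2023-03-10T08:00Z,m365-mail,failed,yes
2023-03-10T12:00Z,m365-mail,success,yes
2023-03-10T00:00Z,ehr-db,success,no
2023-03-10T12:00Z,ehr-db,success,no
"""
RESTORE_TESTS = {"m365-mail": datetime(2023, 2, 20)}  # last successful test restore per dataset
NOW = datetime(2023, 3, 10, 13, 0)

def parse_catalog(text: str) -> List[dict]:
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, dataset, status, immutable = line.strip().split(",")
        entries.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%MZ"),
                        "dataset": dataset, "ok": status == "success",
                        "immutable": immutable == "yes"})
    return entries

def assess(entries: List[dict], now: datetime,
           restore_tests: Dict[str, datetime]) -> Dict[str, List[str]]:
    """Return per-dataset issue tags; failed backups do not count as restore points."""
    report: Dict[str, List[str]] = {}
    for dataset in sorted({e["dataset"] for e in entries}):
        rows = [e for e in entries if e["dataset"] == dataset]
        # Good restore points in order, with "now" appended so staleness is also a gap.
        points = sorted(e["ts"] for e in rows if e["ok"]) + [now]
        issues = []
        if any(b - a > RPO for a, b in zip(points, points[1:])):
            issues.append("rpo-gap")
        if not all(e["immutable"] for e in rows):
            issues.append("not-immutable")
        tested = restore_tests.get(dataset)
        if tested is None or now - tested > RESTORE_TEST_MAX_AGE:
            issues.append("restore-test-overdue")
        report[dataset] = issues
    return report

if __name__ == "__main__":
    for dataset, issues in assess(parse_catalog(CATALOG), NOW, RESTORE_TESTS).items():
        print(dataset, issues or ["ok"])
```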
Recover ASAP from Ransomware with HIPAA Compliant Backup For Healthcare
CloudAlly’s HIPAA-Compliant Backup is tailored for the healthcare industry. Our differentiators include:
- Cloud-to-cloud backups stored on AWS S3 servers with unlimited storage
- Immutable backups, with the option to enable Object Lock
- Data encryption at rest with AES-256 and in transit over SSL/TLS (HTTPS)
- HIPAA compliant, with a Business Associate Agreement (BAA) available on request
- Multi-factor authentication, OAuth, and Okta support.
- The customer has full control of data – Admin-controlled backups, no data retention after deletion. All activities are logged for audit and monitoring purposes
- Your choice of data centers in Australia, Canada, France, Germany, Ireland, the UK, and the USA
- Comprehensive SaaS Data Protection Platform that includes Microsoft 365, Salesforce, Google Workspace, Dropbox, and Box, and encompasses all data stored within. For instance, the Microsoft 365 backup includes Mail, Calendar, Contacts, Tasks, Groups, Teams, OneDrive, and SharePoint.
- Smart 1-click recovery of data from any point in time and at any granular level.
- Intuitive, non-technical interface. Exceptional customer support by chat, phone, email, and a dedicated Customer Hub.