Although much of the buzz about ransomware has quieted down in the days since the NotPetya and WannaCry attacks, the threat persists and hospital IT and security teams should remain vigilant.
Just like phishing attacks and other types of malware, expect hackers and cybercriminals to keep launching ransomware attacks against your network for the foreseeable future.
That means healthcare organizations should be putting in place or shoring up robust measures needed to secure patient data and prevent malicious attacks on critical systems and information.
Ransomware status check
Ransomware, a type of malicious software that infects computer servers, desktops, laptops and other mobile devices, encrypts critical files and then alerts the organization to its monetary demands with a ransom note.
A recent report from Singapore-based Cyber Risk Management (CyRiM) project found healthcare would be one of the worst affected industries by a theoretical global ransomware attack, with losses approaching $25 billion.
In addition to the financial havoc ransomware can cause, critical equipment can also be rendered useless, which severely impacts a facility’s ability to care for patients and in worst-case scenarios calls for reverting back to paper.
High profile cases like the global WannaCry outbreak of 2017 have already directly impacted major healthcare organizations — with the United Kingdom’s National Health Service (NHS) brought to a standstill for several days.
This resulted in the cancellation of thousands of operations and appointments and the relocation of emergency patients from affected emergency centers.
In the United States, the Hollywood Presbyterian Medical Center in California was forced to manual pen-and-paper operations for four days in response to a ransomware attack in 2016.
A nightmare case in late 2017 involved Erie County Medical Center, which lost access to 6000 computers, requiring six weeks of manual operations and a recovery process that ultimately cost $10 million.
What’s more, a December 2018 Kaspersky Lab survey of nearly 1,800 employees based in healthcare organizations in the United States and Canada revealed the alarming depth of the ransomware problem. Of the respondents who said they were aware a ransomware attack had taken place in their organization, a third said this had happened more than once, and nearly eight in 10 noted their firm had experienced up to five attacks.
What to do now
Among the steps healthcare organizations should take to limit their exposure to ransomware attacks include segmenting networks, which makes it harder for ransomware to spread from system to system.
Other key practices include patching known vulnerabilities in applications and operating systems as soon as possible, as well as keeping endpoint anti-malware software up-to-date.
Implementing a robust backup regimen, with multiple copies of critical business and patient data kept locally, offsite and in the cloud is another must-have.
Frequent backups also give organizations the ability to restore their systems to a state before the incursion. Plus, the HIPAA security rule actually requires healthcare providers to implement a backup plan as part of an overall contingency plan in the event of a security breach.
Broadly speaking, more work needs to be done in 2019 and beyond regarding security strategy awareness and end user education, with IT leadership working to ensure every employee is aware of security protocols.