How Healthcare Organizations Can Combat Ransomware

The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.

Mike Wilson, Founder & CTO, Enzoic

October 29, 2020


The recent United Health Services (UHS) cyberattack highlights that the healthcare industry is a prime target for cybercriminals. This breach was caused by ransomware thought to have been delivered through a phishing link in an email. Recent research from Microsoft identified ransomware as a significant, growing threat that all industries must be mindful of.

Healthcare organizations rely on interconnected digital systems for everything from electronic health records and diagnostic capabilities to networked medical devices. If a ransomware attack is successful, in addition to potential HIPAA violations, it could prevent a hospital from treating patients, which might eventually cost lives. Because of these potential implications, hospitals are increasingly a target of cybercriminals. While healthcare organizations have started to modernize their security infrastructure, many are still in the early stages of the transformation needed to deal with these sophisticated threats. This, coupled with email's pervasiveness, makes hospitals a prime target for a successful ransomware attack.

Healthcare security is a complicated problem with no one perfect solution. However, there is a series of steps healthcare organizations can take to shore up their defenses and mitigate the risks of a successful cyberattack.

  1. Adopt a layered approach to cybersecurity: This strategic shift is vital in the defense against the growing number of sophisticated attacks, including ransomware. Doing this requires integrating various tools, including antivirus, firewalls and web filters, and screening for malicious activity to minimize the risk. Adopting a layered cybersecurity strategy reduces the vulnerabilities within the healthcare network.

  2. Rethink business continuity: For healthcare enterprises where data has life or death implications, it's critical that the business continuity plan reflects that fact. Backing up sensitive patient data weekly or even daily is not sufficient in healthcare, and organizations should look for a continuous backup solution that allows them to treat sensitive information appropriately. It's important to note that when it comes to business continuity, one size doesn't fit all. Also, attackers have gotten very sophisticated about targeting backups during ransomware attacks, so ensuring offline or otherwise protected backups of critical data are available is extremely important.

  3. Phishing training: With attacks often being initiated via email, healthcare organizations must undertake regular training to help raise awareness of the pitfalls. With people working 24/7 in distributed environments, training healthcare workers needs to be more flexible to ensure that no one is forgotten. It's important to educate employees on spotting suspicious links and being mindful of grammar, punctuation, spelling, and formatting errors, as these are often phishing red flags. Arming everyone with this knowledge and updating them regularly on the latest cyber scams reduces the likelihood of employees clicking on dubious links and can help ward off attacks.

  4. Strengthen employee passwords: Trojan malware often attempts to propagate through an environment using lists of common or compromised passwords. Emotet, one of the suspected Trojans involved in the UHS attack, does this. Hospitals must end the practice of sharing credentials and integrate a tool to continuously search for exposed, common credentials. If employee or admin credentials are compromised, or use common passwords or derivatives of common passwords, it's easier for nefarious actors to gain initial access and propagate through corporate infrastructure.

  5. Make multifactor authentication mandatory: Sensitive systems and data should require more than one login layer for security. Organizations must add authentication mechanisms to deter hackers rather than hoping that one will suffice.

  6. Only permit remote access via a virtual private network: Healthcare organizations have many workers that aren’t on the front lines and are working remotely for the foreseeable future. Hospitals must mandate that employees use a VPN to access work-related systems or data from home to keep this information protected.
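To make step 4 concrete, here is a sketch of screening a password at set or change time against common passwords and their derivatives. It is an added example, not code from the author or from any product; the word list, substitution map and function names are assumptions made for illustration.

```python
import re

# Constructed sample list. A real deployment would load a large, regularly
# updated list of common and exposed passwords instead (assumption).
COMMON_PASSWORDS = {"password", "welcome", "hospital", "qwerty", "summer", "123456"}

# Undo typical character substitutions before comparing (illustrative map).
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})

# Digits and punctuation added at either end, as in "Summer2020!".
PADDING = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def candidate_roots(password):
    """Return the normalized forms of a password that should be screened."""
    lowered = password.lower()
    stripped = PADDING.sub("", lowered)
    roots = {lowered, stripped}
    for form in (lowered, stripped):
        unleet = form.translate(LEET_MAP)
        roots.add(unleet)
        roots.add(PADDING.sub("", unleet))
    roots.discard("")
    return roots


def screen_password(password):
    """Return the common password this one derives from, or None if it passes."""
    matches = candidate_roots(password) & COMMON_PASSWORDS
    # min() keeps the result deterministic if several roots match.
    return min(matches) if matches else None


if __name__ == "__main__":
    # Constructed candidate passwords, as they might arrive at a change form.
    for candidate in ["P@ssw0rd1", "Summer2020!", "W3lc0me!",
                      "correct-horse-battery-staple"]:
        root = screen_password(candidate)
        verdict = f"reject (derivative of '{root}')" if root else "accept"
        print(f"{candidate!r}: {verdict}")
```

The check runs on the plaintext only at the moment a password is set, before it is hashed for storage, so it adds no new place where passwords are kept.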

The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Cybercriminals are continually looking for ways to exploit weaknesses in the network. Due to the possibly fatal implications, the healthcare industry can't take a lax approach to the resiliency of its systems. Hospitals must embrace a layered approach to security to reduce the risks from the growing tsunami of cybercrime.

About the Author


Mike Wilson has spent 20 years in software development, with 12 years specifically in the information security space, at companies like Webroot and LogicNow. At Webroot, Mike led the development of Spy Sweeper, Webroot's industry-leading anti-spyware product, and later the development of Webroot's first mobile security product for smartphones. At LogicNow, he again led the development of an anti-malware product, this time introducing enhanced antivirus and web filtering functionality to the managed service provider (MSP) space. Mike started his career in the high-security environment at NASA, working on the mission control center redevelopment project. Apart from his security experience, Mike also founded several successful startups over the years.
