Preventing Ransomware in Healthcare
For over a decade ransomware has been a threat to cybersecurity, but only recently has it become a trending topic. Ransomware is just what it sounds like – IT systems locked up for ransom. Attackers encrypt important files and then demand payment to decrypt them. Lately, preventing ransomware has become a worldwide IT priority – largely due to publicized attacks on many major healthcare facilities. Organizations in California, Kentucky and the DC Metro Area were hit already this year. This crisis demands a response before attackers can make any more demands. Leadership in prevention of ransomware should come from those most publicly affected: healthcare facilities.
Attacking Healthcare through Backdoors
The first phase of a typical ransomware attack occurs when someone within a company’s system clicks a link to a dangerous site or opens a malicious email attachment. Infection starts there, but the software is not what can do the most damage; people are. Ransomware is most dangerous when it lets in attackers through backdoors. Once in, attackers inflict damage strategically, making their work more targeted and more debilitating than anything a typical virus could do on its own.
To get deeper and deeper into IT systems, ransomware can act autonomously as well, hiding in the very records a hospital depends on, granting access point after access point to attackers by jumping from machine to machine. Whenever a clinician pulls up records, another backdoor is thrown wide open for attackers to enter.
Once access is opened to core systems, everything is there to be attacked, often including backups. If all backup files are encrypted, there is little to no hope for restoration without the ransom being paid, so the importance of robust backup systems at any healthcare facility cannot be overstated. They prevent downtime, protect patients from uninformed care, and lessen the burden of potential legal action on clinicians and facilities.
Targeting Hospitals for Cybercrime
Frequent access to life and death data is critical for a healthcare organization to operate safely. Without medical records, how can clinicians hope to provide any treatment? How can patients feel safe at a facility under attack? If a medication allergy is missed, for example, patients can die, or survive only to take legal action.
When a Kentucky hospital system was hit, providers were entirely unable to access patient records over a weekend. By Monday, however, all systems were restored completely – thanks to secure backups. Without backups that withstand cyberattacks, paying the ransom is a best practice. In the California attack a $17,000 ransom was paid out in Bitcoin after the hospital’s systems were offline for over a week.
What should you do if ransomware hits your organization? Follow one response from DC Metro Area hospital system MedStar. When attacked in the spring of 2016, MedStar acted immediately: every machine was taken offline, including WiFi and Bluetooth devices, and every connected USB stick or hard drive was removed as well. MedStar then went back to using paper until the issues were resolved. Going offline and back to paper until restoration may sound drastic, but it is by far the safest response when faced with ransomware.
Trained Employees Are the Best Firewall
The first point of failure in every ransomware attack is human error, so the most proven, effective defense against ransomware is rigorous training. Teaching employees how to spot it is crucial. One method for preparation is to simulate attacks. Hackers are hired by the healthcare facilities to send out simulated ransomware to employees and measure the results.
Just as ransomware is more dangerous when it allows attackers to deliberately and manually encrypt a system, your people, if properly trained and acting deliberately and manually, can be your best firewall. Training to prevent ransomware should be the highest of priorities for every healthcare organization. Expect to be attacked regardless, and expect dire consequences if your backup systems and everyone you work with are not prepared when the attack hits.