[BreachExchange] Healthcare Orgs in the Crosshairs: Ransomware Takes Aim

Audrey McNeil audrey at riskbasedsecurity.com
Mon Nov 6 19:02:37 EST 2017


http://www.infosecisland.com/blogview/25001-Healthcare-
Orgs-in-the-Crosshairs-Ransomware-Takes-Aim.html

Criminals are using ransomware to extort big money from organizations of
all sizes in all industries. But healthcare organizations are especially
attractive targets. Healthcare organizations are entrusted with the most
personal, intimate information that people have – not just their financial
data, but their very private health and treatment histories. Attackers
perceive healthcare IT security to be the least effective and outdated in
comparison with other industries. They also know that healthcare
organizations tend to have significant cash on hand and have a high cost of
downtime, therefore are more likely to pay the ransom for encrypted data.
If you fail to take the necessary steps to combat ransomware and other
advanced malware and that trust is betrayed, the cost to your business
could extend far beyond paying a ransom or a noncompliance fine. If your
reputation for safeguarding patient data is damaged, not only will you be
scrutinized under the microscope, in some cases, companies never recover
and leadership is forced to resign.

Healthcare is making strides but isn’t there yet

There is good news. Healthcare organizations have made significant security
improvements over the last year. According to the HIMMS 2017 Cybersecurity
Survey, it is clear that IT security is an urgent business challenge for
leadership, rather than solely an IT problem. There is a marked increase in
the employment of CIOs and Chief Information Security Officers (CISOs)
among healthcare organizations, and security shortcomings are being
addressed.

Nonetheless, there is still room for improvement and ransomware attacks
continue to be a serious and growing challenge. Those who continue to
commit vital resources to implementing effective security measures will
emerge as winners and you will never hear of them in the media. Effectively
combating ransomware requires a well-thought-out combination of technical
and cultural measures.

Detection: discovering the weaknesses

Keeping your network free of ransomware and other advanced malware requires
a combination of effective perimeter filtering, strategically designed
network architecture, and the capability to detect and eliminate resident
malware that may already be inside your network. It’s an exercise of
cleaning house as your infrastructure likely contains a number of latent
threats. Email inboxes are full of malicious attachments and links just
waiting to be clicked on. Similarly, all applications, whether locally
hosted or cloud-based, must be regularly scanned and patched for
vulnerabilities. There should be a regular vulnerability management
schedule for scanning and patching of all network assets, which is checking
the box for basics but extremely critical for thwarting threats. Building a
solid foundation such as this is a fantastic start for effective ransomware
detection and prevention.

Prevention: A non-negotiable requirement

There are some very effective security technologies that are a requirement
in today’s threat landscape in order to prevent ransomware and other
attacks. Prevention of threats entering the network requires a modern
firewall or email gateway solution to filter out the majority of threats.
An effective solution should scan incoming traffic using signature
matching, advanced heuristics, behavioral analysis, sandboxing, and the
ability to correlate findings with real-time global threat intelligence.
This will ultimately prevent employees from having to be perfectly trained
to spot these sophisticated threats. It’s recommended to control and
segment network access to minimize the spread of threats that do get in.
Ensure that patients and visitors can only spread malware within their own,
limited domain, while also segmenting, for example, administration,
caregivers, and technical staff, each with limited, specific access to
online resources.Even with the most sophisticated methods like spear
phishing, where attackers impersonate your coworker, there are now machine
learning and artificial intelligence solutions that can spot and quarantine
these threats before they ever get to an employee. The risk for healthcare
organizations is immensely reduced when solutions such as these are
deployed as part of an overall security posture.  However, when data is
encrypted and held ransom, the fight isn’t over yet.

Backup—Your Last, Best Defense Against Ransomware

When a ransomware attack succeeds, your critical files—HR, payroll,
electronic health records, patient financial and insurance info, strategic
planning documents, email records, etc.—are encrypted, and the only way to
obtain the decryption key is to pay a ransom. But if you’ve been diligent
about using an effective backup system, you can simply refuse to pay and
restore your files from your most recent backup—your attackers will have to
find someone else to rob.Automated, cloud-based backup services can provide
the greatest security. Reputable vendors offer a variety of very simple and
secure backup service options, priced for organizations of any size, and
requiring minimal staff time. Advanced solutions can even allow you to spin
up a virtual copy of your servers in the cloud, restoring access to your
critical files and applications within minutes of an attack or other
disaster.

When all of these things are working simultaneously, healthcare
organizations are well equipped to stop ransomware attacks effectively.
Ransomware and other threats are not going away anytime soon and healthcare
will continue to be a target for attackers. The hope is that healthcare
professionals continue to keep IT security top of mind.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171106/2dfeeeca/attachment.html>


More information about the BreachExchange mailing list