Ransomware is hitting the healthcare field more frequently than any other industry. Why?


Hackers and criminals understand that healthcare data is precious. Doctors want to protect their patients. They want to keep their patient records away from criminals to protect their patients’ identities and prevent data theft. They want to preserve a trusting environment where patients can share what is really going on, so that proper diagnoses are made and treatments administered. They care about the people under their care and don’t want to compromise the best possible care, which means keeping meticulous, secure records so that patients consistently get the care they need without having to worry about their identities being compromised.

As a business owner, you worry about your office being up and running when it’s supposed to be. Most importantly so that effective treatments are delivered on time, but also so that billing goes out and payments come in. Essentially, you worry about keeping the lights on, keeping your staff paid, and keeping your medical operations running.

As we put more demands on healthcare, with an aging population and bouts of emergencies related to outbreaks or illness, we all depend on the healthcare system to run seamlessly. But in talking to doctors and administrators, what I’ve found is that many worry that their data systems are not keeping up with even basic security to prevent ransomware and data breaches.

What I want to briefly talk about today is why ransomware is particularly successful in healthcare environments, and 11 relatively straightforward steps your office should be taking or reviewing regularly to make sure your valuable patient data is safe from ransom attacks.

With the latest attacks on clinics, hospitals, and even EHR systems becoming the norm, you should be seriously evaluating what you are doing to prevent attacks and what steps need to be taken to prevent your office from becoming a ransomware target.

Why is healthcare such a big target for ransomware?

You have probably seen the big headlines in the news about Allscripts being hit by a new ransomware variant and may be wondering “how do I know my patient data is safe online?” Or you may be seeing different businesses in the local news getting hit with ransomware and think “how do I know my business is safe?” These are both very legitimate and important questions to address in the current healthcare IT security landscape.

What the majority of healthcare offices often tell me is that while they’re concerned with being security compliant (they recognize that HIPAA is a concern), they don’t have the time or the resources to keep their networks secure.

With tightening margins, how can you invest EXTRA in security?

My answer to these concerns is that security should not be an extra! What the majority of businesses in healthcare fail to accomplish is getting expert IT support that focuses its efforts on keeping the practice compliant and secure. Healthcare IT security should not be something you seek ‘a la carte’. It should come with the main course! That means keeping patient data secure should be part of your IT team’s expertise.

If your ongoing support is doing what it’s supposed to be doing, meaning it understands your business strategy, knows where your vulnerabilities lie and prioritizes fixing critical security risks, you wouldn’t have any problems securing your network from ransomware attacks.

But your likely problem is more like this: your IT support team DOESN’T fully understand security. They don’t know everything that’s involved in keeping your team safe, OR they lack the resources needed to do everything required to ensure patient data is secure.

While the biggest objection I often hear from healthcare CEOs and administrators is that the cost of keeping their data secure is too high, what I’d argue is that the reason the cost of IT security is too high is that you’re not dealing with an IT support team that is trained in healthcare, trained in security (with at least one qualified CISSP on hand) and that is finding strategic ways to protect your data WITHOUT increasing spending.

And what boggles many administrators’ or CEOs’ minds when we walk through a quick and painless 10-minute ransomware meeting with them to review their network’s security against the latest ransomware viruses is that their IT support FAILED to ensure even basic security!

What can you do TODAY to start preventing ransom attacks like the latest one at Allscripts?

While I would highly recommend starting with an unbiased third-party ransomware assessment (our assessment is a painless and often eye-opening 10-minute conversation with simple steps to eliminate your chances of getting infected with a ransom virus), here are some first steps to take to avoid being a ransom target:

Patching—I’m always surprised to see clinic, hospital and healthcare office networks WITHOUT critical security patches and updates applied. Criminals exploit systems that haven’t been updated or patched, simply walking into the network and moving through it UNDETECTED. In fact, many of the latest attacks result from IT support staff NOT keeping patches up to date. Even worse: criminals are adding organizations that have been attacked because of un-patched networks to their list of places to attack again! (They figure, if you were too busy to patch once, why not see if you were too busy the second time.) More often than not, hospitals and clinics that were attacked once are getting re-infected with new, more potent viruses a second (and even third) time.

Make sure patches are applied regularly (Microsoft releases patches on a regular schedule) and that patches are tested to confirm your systems are all working once they’re applied.

Blocking unwanted traffic—blocking is another line of defense that many healthcare offices miss. I’d say that in over 60% of the offices I’ve had to remediate after CryptoWall, the office had NOT updated its antivirus. Another big concern is that while many organizations have a firewall, most are outdated and not doing much to prevent more contemporary attacks from penetrating the network.

Monitoring—having an accurate understanding of what your network should look like will help you detect when suspicious or malicious activity pops up. The problem is that many healthcare organizations have no idea what a normal day looks like on their network, which makes it impossible to understand when computers are getting infected, a virus is moving or some other funny business is going on inside of your network.

Training—let’s be frank. It’s extremely hard to keep up with what’s really going on with cybercrime, phishing attacks and how to protect your users from falling victim to scams. BUT one of the biggest reasons businesses get infected is that users (1) don’t know how to recognize scams or ransom attacks and (2) don’t know who to contact if they think something funny is going on on their workstation.

We, like any good healthcare IT support provider, train users on the latest scams and best-practice security hygiene on a monthly basis (live seminars) as part of your basic IT support, which is something any IT support team should be doing if they are really thinking about your security best interests. (This is also a requirement for HIPAA compliance that can be easily checked off your To-Do list.)

Response—another big vulnerability healthcare faces is responding to an attack. If you did not heed the advice above on how to avoid getting ransomed or breached, you may be put in the very precarious situation of paying a ransom or reporting an attack to law enforcement and HHS. You’ll also need to recover files from backups and restore your records so that doctors can continue to give exceptional patient care and your facility can keep running, keeping patients safe and healthy.

The problem is: many healthcare organizations have not planned for disaster (or have inadequate plans that have never been tested). More often than not, when we come in to assist after a ransom attack, the IT support is clueless and the administrators or office staff have no idea what they should do, who they should contact or how they should move forward.

Having a backup and disaster recovery plan (often referred to as a business continuity plan) is essential to recovering from a ransom attack. While our IT support DOES implement all of the aforementioned security tasks (along with many others—too many to list here) to protect healthcare businesses, we also help write and test a living recovery plan. We make sure that in the event something happens, you know (1) who to contact, (2) how to restore your systems and (3) how to verify that everything is working, and that you have a clear plan to get back on track and focus on serving your patients.

These steps are all pragmatic and should be easy to implement to limit your exposure to a ransom attack. WannaCry and more virulent and devastating CryptoWall variants are expected to persist in 2018. Had more of the organizations victimized by these attacks made sure their IT teams had taken more action, fewer would have suffered risky ransom payments or data losses (on top of reporting security breaches and paying HIPAA fines).

Are you sure you won’t fall victim to the next big ransom attack?

Get all the tools to protect your office. Ask us about a ransomware security assessment TODAY.