Hospitals are the targets of 88 percent of all ransomware attacks, according to Becker’s Health IT & CIO Review. Perpetrators know that patient data is truly a matter of life and death, making hospitals more likely to pay up than nearly any other target, and they also know that if the hospital doesn’t pay, patient data can be sold for a premium on the black market.  Hospitals are also easy pickings for perpetrators because they are much more focused navigating HIPAA regulations than dealing with cyber security. Do you know how to keep ransomware from taking over your healthcare IT system?

Spread Awareness, Not Malware

Nearly every ransomware attack comes from one place: email. Well-meaning users click on a link in an email and unknowingly unleash havoc on the system. It is critical to educate staff on the risks of opening emails from unfamiliar addresses and to teach them to check and double check any email with links or attachments to ensure they know and trust the sender. One way to “scare them straight” is to simulate an attack a few times a year. It will only take one incident of a person thinking they unleashed ransomware to keep them vigilant in the future.

Training should also include the steps employees should take if they inadvertently click on a ransomware link. There should be published instructions throughout the facility instructing employees how to immediately report a potential attack.

Simple, Yet Often Ignored Preventative Measures

In addition to training, whitelisting is an important step in protecting healthcare IT systems from ransomware. Machines and devices should be scanned to catalog the legitimate applications and then configured to block outside executables. This can be extremely labor-intensive, which is why so many facilities fail to take this critical step.

Additionally, mail servers should be configured to block likely malicious files like zipped attachments, and access to specific portions of the network should be restricted by role. Finally, areas of the network should be siloed so that if one area of the server gets infected, it cannot be spread everywhere.

Houston, We Have A Ransomware Problem

If a healthcare system is struck with ransomware, the hospital should shut down as many network operations as possible. This includes shutting off Wi-Fi and Bluetooth and discontinuing access to email and patient scheduling systems. Staff should revert to paper records until the threat is neutralized. While this will cause major inconveniences, it will also prevent the malware from spreading. Additionally, everyone should be asked to remove all USB and external hard drives to prevent them from becoming compromised.

It helps to know what strain of malware has been unleashed on the healthcare IT system. There are published resources available to help teams bypass the encryption. However, attackers are extremely savvy and it is, unfortunately, unlikely that this option will be available and teams often have two options for proceeding: paying the ransom or restoring the data from backup systems.

The key to shielding a healthcare IT system is to protect every single layer of the network. There can never bet too much protection. The harder an attacker has to work to find a vulnerability, the less likely they are to spend much time trying to breach a system. Hackers are in the business of making easy money, and if they have to exhaust themselves to break through, they’ll simply give up and move on to the next potential victim.

Tell us how we can help!

Contact us today to set up some time to learn more about Systems Personnel and how we can help augment your existing team or help you find the perfect candidate.