Written by: Kelly Buckman
Most of us are familiar with this common scenario: an individual or a company employee is working in an application on their PC when a menacing message appears advising them that their computer has been locked and that they will have to pay a fee to regain access. It’s called ‘ransomware’, a type of malicious software designed to block access to a computer system until an amount of money, or ‘ransom’, is paid.
Ransomware attacks are carried out through a technique known as cryptoviral extortion, in which the victim’s files are encrypted, making them inaccessible until a ransom is paid to decrypt them. Since 2012, the prevalence of ransomware scams has grown globally. One example of ransomware, CryptoLocker, was especially successful, extorting an estimated $3 million before it was taken down by authorities. Another, CryptoWall, was estimated by the FBI to have accrued over $18 million by June of 2015 (per Wikipedia).
Pretty scary stuff for both the individual consumer and for businesses, for whom the ransom can be especially steep and potentially cripple day to day operations.
Now imagine a health information exchange (HIE) system being held to ransom by such an attack. Not only business operations but also patient care could potentially be compromised. You may think that such an attack is rare given all the safeguards hospitals have in place to protect patient data. But according to Healthcare IT News coverage of the Verizon 2017 Data Breach Investigations Report, of all the malware attacks on the healthcare industry in 2016, 72% were caused by ransomware. In fact, ransomware attacks have doubled in frequency across all industries and are the 5th most common specific malware variety.
According to a report in Healthcare IT News, the healthcare industry was the 2nd most targeted industry at 15% of incidents, just behind the financial sector, which reported 24% of total incidents in 2016. It has even been reported that in 2015, 1 in 3 people had a healthcare record compromised. One of the most notable instances of ransomware in the healthcare industry affected Hollywood Presbyterian; the attack caused the organization to declare an internal emergency and pay hackers $17,000 to restore access to the system (healthcareitnews.com).
Contributing to the steep increase in ransomware attacks on the healthcare industry last year was the introduction of ‘Ransomware-as-a-Service’. Indeed, as ominous as it sounds, this inside threat involves developers providing customized ransomware ‘kits’ to hackers in exchange for a percentage of the proceeds. Paying the ransom doesn’t always guarantee that information will be restored; there is even a variant of ransomware that deletes files even if the victim pays. In the wake of such a pervasive and malignant threat, how can any part of the healthcare industry be safe?
- It may seem obvious, but performing regular data backups cannot be emphasized enough here. Beyond data backups, healthcare organizations can go a step further and back up their systems and configurations, commonly referred to in the industry as a “gold image”. The data backup will contain all of the current data, while a gold image will reset the system back to a known-good starting state.
- All healthcare organizations should create a risk assessment and business impact analysis that details worst-case scenarios should the system come under ransomware attack. This would include a listing of all systems that would create substantial hardship should they stop functioning. Ideally, the analysis should take a tiered approach, where tier 1 lists systems that the organization can afford to have down for an hour, tier 2 those that can be down for a day, etc. Build the plan around the systems that are most critical.
- In today’s high-risk technological climate, it is important to have not only internal resources that can assist in the event of an attack, but also an external team of experts on ransomware. Some organizations even consult two or more cybersecurity companies to get different views. Keep in mind when developing a protection plan that one-and-done is not likely to cut it. According to David Finn, Health IT Officer at Symantec, a multi-layer defense strategy is advisable. With a multi-layered approach, if your end-point protection doesn’t stop a ransomware attack, your network protection may. When you can correlate data from multiple products (a firewall log, an end-point log, a network log, etc.), you can use the information gleaned to better protect your organization from debilitating ransomware attacks. Unfortunately, in today’s world, it’s also important to remember to protect against insider threats.
- Once you have a plan to protect against ransomware attacks, you’re good to go, right? Not quite. It’s very important to test your security plan with your employees and systems before relying on it.
- Lastly, be sure to train your end users in cybersecurity; otherwise, your plan may be useless. It may seem like common sense, but not all users are aware of the risk of clicking on phishing emails, visiting suspicious websites, or using USB flash drives that are not from a trusted source. It only takes one impulsive click of the mouse to infect an entire system. In one typical scenario, a user opens a file attached to an email, which triggers an Enable Content bar. When the user clicks the bar, malicious software locks internal files with a password or key that only the cybercriminal possesses. Given how easy it is to introduce ransomware into the system, you can see how important it is to offer periodic cybersecurity training.
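The multi-layer point above, that a signal missed by end-point protection can still be caught when end-point and firewall logs are read together, is illustrated by the following added example. It is not code from the original post or from any product; the log formats, host names and thresholds are constructed for the example, and a real deployment would read these records from its own agents and SIEM.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample logs (not real product output): an endpoint agent that
# reports file renames, and a firewall that reports outbound connections.
ENDPOINT_LOG = """\
2017-06-01T09:00:01 host=ws-12 event=rename from=budget.xlsx to=budget.xlsx.locked
2017-06-01T09:00:02 host=ws-12 event=rename from=notes.docx to=notes.docx.locked
2017-06-01T09:00:03 host=ws-12 event=rename from=scan.pdf to=scan.pdf.locked
2017-06-01T09:05:00 host=ws-07 event=rename from=draft.docx to=draft-v2.docx
"""
FIREWALL_LOG = """\
2017-06-01T08:59:58 src=ws-12 dst=203.0.113.10 dport=443 action=allow
2017-06-01T09:04:50 src=ws-07 dst=198.51.100.5 dport=443 action=allow
"""
KV = re.compile(r"(\w+)=(\S+)")

def parse(log):
    """Turn 'timestamp key=value ...' lines into dicts with a datetime 'ts'."""
    records = []
    for line in log.splitlines():
        ts, _, rest = line.partition(" ")
        records.append(dict(KV.findall(rest), ts=datetime.fromisoformat(ts)))
    return records

def rename_bursts(events, threshold=3, window=timedelta(seconds=10)):
    """Endpoint signal: hosts renaming >= threshold files to a new extension within window."""
    per_host = defaultdict(list)
    for e in events:
        if e.get("event") == "rename" and e["from"].rsplit(".", 1)[-1] != e["to"].rsplit(".", 1)[-1]:
            per_host[e["host"]].append(e["ts"])
    bursts = {}
    for host, times in per_host.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                bursts[host] = times[i]  # start of the first qualifying burst
                break
    return bursts

def correlate(endpoint_log, firewall_log, lookback=timedelta(minutes=5)):
    """Join endpoint bursts with firewall records from the same host inside the lookback."""
    firewall = parse(firewall_log)
    findings = {}
    for host, start in rename_bursts(parse(endpoint_log)).items():
        peers = sorted({c["dst"] for c in firewall
                        if c.get("src") == host and start - lookback <= c["ts"] <= start})
        findings[host] = {"burst_start": start.isoformat(), "prior_connections": peers,
                          "severity": "high" if peers else "medium"}
    return findings
```

Here ws-07 renamed one file to the same extension and is ignored, while ws-12 renamed three files to a new extension within seconds and had an outbound connection just beforehand, so it is flagged with high severity for an analyst to triage.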
With all there is at risk, the healthcare IT industry as a whole cannot afford to ignore the threat. Nor can we assume that there is nothing we can do to prevent an attack. Whether a large multi-facility system or a small community hospital, with a bit of planning and education, we can protect healthcare organizations and the patients they serve from this menace.
--
Kelly Buckman is a healthcare IT expert and field expert blogger for Barracuda Consulting.
Kelly has almost a decade of experience as a Technical Support Engineer/Analyst in the field of Healthcare IT, over 20 years in IT Support, and several years of experience in Project Management. She has a B.A. from Mount Holyoke and a master’s degree from UMass Amherst, and lists her skills as the ability to analyze and resolve various types of application, server and network issues, and to communicate complex ideas effectively.
She is also the mother of 3 sons, ages 19, 17, and 11, lives in western Massachusetts, and enjoys solving puzzles, reading, and travelling.
Please leave your comments below. If you would like to subscribe to our newsletter, click here: https://tinyletter.com/barracuda-consulting. To purchase a full report on this subject, or to access our complete suite of healthcare and IT advisory services, please contact us: https://www.barracuda-consulting.net/contact.