Heal Thyself — Preventing Viruses And Ransomware Attacks

By Simon Clephan, VP, Strategic Alliances, AppSense

Healthcare professionals need to spend time focusing on patient care, not technology. They need mission-critical applications to just work — quickly and reliably. Unfortunately, IT wellness, so to speak, faces a new and growing threat, one that can cripple entire healthcare organizations, impact patient care, and lead to costly system repairs. That threat is ransomware and related malware.

These vicious cyberattacks show no signs of diminishing. In fact, ransomware has become so pervasive a threat the U.S. Health and Human Services Office for Civil Rights has issued guidelines related to HIPAA to help healthcare organizations understand ransomware and what has to be done to prevent it. One of the guidelines is to limit user access to EHRs. In the public discussion following the news, an important point was made: ransomware gets in through people, not through operating systems. All the guidelines in the world will not prevent an employee accidentally opening a phishing email or clicking through a link and enabling a destructive malware or ransomware attack. 

What can be done to prevent ransomware? In the HIPAA guidelines, one of the recommendations is more user training, which is certainly a good practice. However, to provide a more consistent and thorough defense against ransomware, healthcare organizations need to do a wellness checkup of their security infrastructure to determine whether they have made full use of the technology that can help prevent these costly attacks. Areas of examination should include the endpoint, the user level, where ransomware attacks occur, and the security implications of Windows 10 migration.

As an example, the Boston Public Health Commission (BPHC), the country’s oldest public health department, has begun transitioning to application virtualization and profile virtualization for efficiency and cost savings as their existing desktops have become obsolete. With a small staff, 31 locations, and 1,200 desktops, virtualization was the answer to modernization. While moving to the VDI environment, IT Director Jeff Beers noted they have seen 10 to 15 computers hit with ransomware. The VDI environment escaped the first attack, but it’s possible the next ransomware attacks will be more critical and widespread.

Here are some of the ransomware and malware preventive medicine healthcare IT executives are moving toward deploying to strengthen security.

1. Trusted ownership — Ransomware and malware get in through executables. Using the trusted ownership model, a user doesn’t have sufficient privileges to run any executable; therefore, the malware can’t run. Organizations can also build whitelists using the metadata properties of an executable to allow trusted vendors access.
    
2. User context — Healthcare professionals are often moving from one location to another to serve patients. As BPHC moves toward a virtualized environment, it benefits from enabling user-context-aware security practices.

As professionals work on different devices, user context looks at where the individual is working, how they are working and what they’re working on, to determine which applications they can execute.

3. Privilege management — In moving toward virtualization, organizations want to enhance security controls while at the same time giving users the flexibility they need to be productive. BPHC and other healthcare organizations employ the least privilege principle by which IT can apply just the right level of granular administrative rights with little to no negative impact on users’ workflows.
    
4. Patch management — Windows 10 migration is posing its own security challenges for organizations. Cumulative updates, or patches, take away the flexibility of prior OS models in which IT could evaluate security risks of each patch. Now there may be more risk exposure at one point in time.

For healthcare organizations with compliance pressures, it’s important to put a patch strategy in place so that IT can patch the OS and make sure it’s running the latest version, as well as patch the applications to make sure they’re running at the correct levels.

5. Branch selection strategy — Windows 10 has multiple branches with updates (similar to service packs) that are released at most two times a year. These weighty upgrades may be disruptive to security controls so organizations need to have a strategy in place whereby some of the more frequently updating branches may have to be on less mission-critical devices in order to spot application compatibility issues. 

Healthcare professionals often hear doctors talk about tap, turn and treat. They want a usable and effectively-organized screen, along with fast-loading images and information. They need to be able to turn to the patient and start treating them without delays or technical difficulties.

In moving towards a virtualized environment, healthcare organizations need to provide this level of efficiency, so there is no room for ransomware or malware attacks disrupting patient care. By putting in place trusted ownership, privilege controls and planning for the impact of Windows 10 updates, healthcare IT can be ahead of the game in protecting the security of the organization’s vital activities.

About The Author
Simon Clephan manages the Strategic Alliances program for AppSense, now part of the LANDESK family, with a particular emphasis on Healthcare providers and partners. Clephan has more than 25 years of experience in the enterprise software industry, and has been in the User Environment Management marketspace for more than 15 years.