By Susan Biddle, Sr. Director of Healthcare at Fortinet
Ransomware! It’s the latest boogeyman to hit the healthcare cybersecurity radar, largely because the impact is easily quantified and understood: workstations are disabled, files encrypted, and systems immediately impacted. And right there on the screen, it tells you how to fix it, and how much it will cost. With a large, growing number of variants, ransomware attacks on healthcare organizations are becoming a daily occurrence.
Workstations at healthcare organizations are commonly in areas accessible by the public, often lagging in the latest security patches and running out-of-date versions of vulnerable applications like Adobe Flash and Java. They’re also frequently operated by many different users, creating an environment of extreme vulnerability from an almost unlimited number of attack vectors.
How do we close off those attack vectors, prevent compromises, and remediate attacks that get through? A good defense against ransomware must focus on the basics: education, prevention, and remediation.
Focus on shoring up weak areas first: unprotected and underprotected devices, and new variants. Analyze traffic flows. Find out what applications are in use on your network and what malware is already present. Track them down to find your original points of compromise.
Once you know your technical vulnerabilities, put together a holistic plan to deal with them. Give serious consideration to an Advanced Threat Protection (ATP) solution, also known as sandboxing. Cybercrime is a multi-billion-dollar industry, with significant R&D going into the malware and hacking tools criminals use to get into your networks. You are completely vulnerable to these attacks without an ATP solution, so work it into your plan and ensure the sandbox you buy can integrate with your security solutions. Keep in mind that just having a sandbox doesn't help you if you don't have it deployed effectively and act on the alerts it gives you.
Last note on prevention: re-evaluate your endpoint protection plan to make sure your most vulnerable devices are protected.
Next, put together a specific incident response plan for this type of attack, test it, then fully test your restore plans to ensure they work correctly. Teach your users what a ransomware compromise looks like and what to do when they see one. A quick report to IT can help a lot.
With consequences that are immediate, painful, and potentially costly, a ransomware attack is scary. Putting together a plan to stop it doesn’t have to be.
About the Author
Susan Biddle is the Sr. Director of Healthcare at Fortinet. She is a high technology and healthcare marketing executive with over 15 years’ experience driving new solutions from concept to market, managing diverse cross-functional teams and developing highly-effective marketing programs. Biddle is a results-oriented professional with expertise in strategic planning, market segmentation and research methodologies. She has a strong background in product & solutions marketing, demand generation and key IT infrastructure solution areas for the health and life sciences industry, such as translational research, digital health and connected care.