Guest Column | September 16, 2016

Effectively Combatting Ransomware In Healthcare


By Susan Biddle, Sr. Director of Healthcare at Fortinet

Ransomware! It’s the latest boogeyman to hit the healthcare cybersecurity radar, largely because its impact is easy to quantify and understand: workstations are disabled, files are encrypted, and systems are immediately affected. And right there on the screen it tells you how to "fix" it and how much that will cost. With a large and growing number of variants, ransomware attacks on healthcare organizations are becoming a daily occurrence.

Workstations at healthcare organizations are commonly located in areas accessible to the public, often lag behind on security patches, and run out-of-date versions of vulnerable applications such as Adobe Flash and Java. They are also frequently shared by many different users, which adds up to a large attack surface reachable through many different vectors.

How do we close off those attack vectors, prevent compromises, and remediate the attacks that get through? A good defense against ransomware must focus on the basics: education, prevention, and remediation.

  • Education
    Phishing remains the leading attack vector for ransomware, so targeted education is required. Collect examples of real phishing emails, strip out the ransomware payload and defang the malicious links, and build them into general awareness training for your users. Then test them: send the same emails you used for training, with live but harmless links that record who clicked, and gather pass/fail statistics. Consider an incentive program for users who forward suspicious emails for evaluation, effectively turning every user into a threat detector.
  • Prevention
    Ransomware is malware, and any processes, procedures, and systems you implement to prevent ransomware will also protect you from almost every other type of malware, including the tools data thieves use. This could be a solid win for every healthcare system, but how do you pick a technology to meet your security needs?

Focus on shoring up the weak areas first: unprotected and under-protected devices, and new variants that signature-based tools miss. Analyze traffic flows. Find out which applications are in use on your network and what malware is already present, then trace that malware back to its original point of compromise.

Once you know your technical vulnerabilities, put together a holistic plan to deal with them. Give serious consideration to an Advanced Threat Protection (ATP) solution built around sandboxing, which detonates unknown files and URLs in an isolated environment and watches what they do. Cybercrime is a multi-billion dollar industry, with significant R&D going into the malware and hacking tools criminals use to get into your networks, and signature-based controls alone will not catch a variant nobody has seen before. Work a sandbox into your plan, and make sure the one you buy integrates with your other security controls so that a verdict from the sandbox can be turned into a block at the gateway and on the endpoints. Keep in mind that just having a sandbox doesn't help if it isn't deployed effectively and nobody acts on the alerts it gives you.

Last note on prevention: re-evaluate your endpoint protection plan to make sure your most vulnerable devices are protected.

  • Remediation
    To remediate a ransomware attack effectively, you first need to decide in advance whether you are willing to pay the ransom; there may be situations where a system or its data is so critical that you feel you have no choice, but be aware that paying does not guarantee a working decryption key. Rotating, offline backups are a necessity. Several ransomware variants seek out reachable backups, including mapped drives and backup shares, and delete or encrypt them before encrypting PC and shared files and announcing themselves. Time to drag those tape backup systems out of storage, or schedule your backups and then sever the connection to the backup target so the ransomware cannot reach it.

Next, put together a specific incident response plan for this type of attack, test it, and then fully test your restore procedures to confirm that backups actually come back intact. Teach your users what a ransomware compromise looks like and what to do when they see one; a quick report to IT can contain an outbreak early.
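The rotate, verify, then disconnect routine described above, written out as an added example (this is not code from the original column or from Fortinet). It assumes a POSIX shell with tar, cksum and mktemp; the backup-N.tar naming, the .manifest file, the KEEP count and the sample patient records are all constructed for illustration. In production the backup target would be a volume that is mounted only for the duration of make_backup and unmounted afterwards, or a tape; here it is a plain directory.

```shell
#!/bin/sh
# Added example, not from the original column: take a backup generation, prune
# old generations, and prove the newest one restores before the target is
# disconnected. Names (backup-N.tar, .manifest, KEEP) are assumptions.
set -eu

KEEP=${KEEP:-3}   # generations to retain on the backup target

# checksum_manifest DIR: one "crc size ./relative/path" line per file, sorted,
# so two directory trees can be compared with a plain cmp.
checksum_manifest() {
  ( cd "$1" && find . -type f | sort | while IFS= read -r f; do cksum "$f"; done )
}

# make_backup SRC DEST: archive SRC as DEST/backup-N.tar (N = previous N + 1)
# next to a manifest of what was backed up, then drop all but the newest KEEP
# generations. Prints the path of the new archive.
make_backup() {
  src=$1; dest=$2
  mkdir -p "$dest"
  last=$(ls "$dest" | sed -n 's/^backup-\([0-9]*\)\.tar$/\1/p' | sort -n | tail -n 1)
  next=$(( ${last:-0} + 1 ))
  checksum_manifest "$src" > "$dest/backup-$next.manifest"
  tar -cf "$dest/backup-$next.tar" -C "$src" .
  total=$(ls "$dest" | sed -n 's/^backup-\([0-9]*\)\.tar$/\1/p' | wc -l | tr -d ' ')
  drop=$(( total - KEEP ))
  if [ "$drop" -gt 0 ]; then
    for old in $(ls "$dest" | sed -n 's/^backup-\([0-9]*\)\.tar$/\1/p' | sort -n | head -n "$drop"); do
      rm -f "$dest/backup-$old.tar" "$dest/backup-$old.manifest"
    done
  fi
  # In production this is where the target is detached (umount, eject the
  # tape, revoke the share) so a later infection cannot reach it.
  echo "$dest/backup-$next.tar"
}

# verify_restore ARCHIVE SCRATCH: do a real restore into an empty SCRATCH dir
# and compare it with the manifest written at backup time. Exit status 0 means
# the restore reproduces the data exactly; anything else means this is not a
# backup you can count on.
verify_restore() {
  archive=$1; scratch=$2
  manifest="${archive%.tar}.manifest"
  rm -rf "$scratch"; mkdir -p "$scratch"
  tar -xf "$archive" -C "$scratch"
  checksum_manifest "$scratch" | cmp -s - "$manifest"
}

# demo: constructed scenario. Four nightly backups of a small share, then
# ransomware overwrites the live files; the retained generations must still
# restore cleanly. The sample records are made up.
demo() {
  work=$(mktemp -d)
  share="$work/share"; target="$work/offline"; scratch="$work/restore"
  mkdir -p "$share/patients"
  printf 'MRN 0001, constructed sample record\n' > "$share/patients/0001.txt"
  printf 'MRN 0002, constructed sample record\n' > "$share/patients/0002.txt"
  i=1
  while [ "$i" -le 4 ]; do
    printf 'night %s\n' "$i" >> "$share/changelog.txt"
    latest=$(make_backup "$share" "$target")
    i=$(( i + 1 ))
  done
  # The attack: live data becomes ciphertext plus a ransom note.
  for f in "$share"/patients/*.txt; do printf 'ENCRYPTED\n' > "$f"; done
  printf 'pay us\n' > "$share/README_DECRYPT.txt"
  kept=$(ls "$target" | grep '^backup-[0-9]*\.tar$' | wc -l | tr -d ' ')
  [ "$kept" -eq "$KEEP" ] || return 1
  verify_restore "$latest" "$scratch" || return 1
  grep -q 'MRN 0001' "$scratch/patients/0001.txt" || return 1
  rm -rf "$work"
  echo "restore from $latest verified; $kept generations retained"
}

demo
```

Two design points matter here. Generations are kept rather than one copy overwritten in place, because a backup taken after the infection faithfully preserves the encrypted files, so the most recent copy is not always the useful one. And the manifest is written at backup time and checked by an actual extraction, so "the backup job ran" and "the backup restores" are two different facts, which is exactly the gap a restore test is meant to close.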

With consequences that are immediate, painful, and potentially costly, a ransomware attack is scary. Putting together a plan to stop it doesn’t have to be.

For more information on the topics in this post, register to view the on-demand webcast.

About the Author
Susan Biddle is the Sr. Director of Healthcare at Fortinet. She is a high technology and healthcare marketing executive with over 15 years’ experience driving new solutions from concept to market, managing diverse cross-functional teams and developing highly-effective marketing programs. Biddle is a results-oriented professional with expertise in strategic planning, market segmentation and research methodologies. She has a strong background in product & solutions marketing, demand generation and key IT infrastructure solution areas for the health and life sciences industry, such as translational research, digital health and connected care.