Shields Up: 3 Controls Against Ransomware in Healthcare

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently released a warning advisory regarding a massive cybercrime threat to hospitals and healthcare providers across the country. The recent spread of ransomware attacks on healthcare systems in the U.S. is unprecedented.

As hospitals and health systems continue to be overwhelmed by the ongoing pandemic — which has provided just the distraction for cybercriminals to take advantage — the industry has been particularly vulnerable to cyberattacks.

The goal of these predators? To create more panic and chaos than the pandemic has already created so that healthcare providers have no choice but to pay a ransom so they can get back to providing patient care as quickly as possible.

Cybercriminals in turn, are using these payouts to expand their attack campaigns and recruit more highly skilled hackers and engineers capable of creating advanced ransomware attacks. Their goal no longer revolves around individual files, but ownership of an entire network.

These are coordinated, high-level attacks with pen-testing-level teams. And they start where all attacks start: phishing. These phishing attacks are sophisticated, well-written and follow current events. The payloads are also not the old-school malicious payload, but scripted attacks using native tools. They are much harder for endpoint protection to detect.

CISA is advising healthcare organizations to be ready to activate business continuity and disaster recovery plans and, more importantly, to bulk up IT security systems and strategies. Prepare for the worst, but absolutely do not skimp on protection — the business of healthcare and its patients depend on it.

Here are three of the most impactful controls against ransomware that should be a part of your overall security strategy.

1. Protect your backups.

Keep your backups out of a full-scale, total compromise. Use cloud-based backup and keep it away from all your other systems. Separate, multifactor authentication is a good option.

2. Implement and execute strong preventive controls.

This encompasses email and endpoint security.

Email: Again, these attacks start with phishing scams. Attackers primarily target through email because it is inexpensive, inherently insecure and effective. Be familiar with current email attack threats, and practice simulated email threats.

Endpoint security: Do you have complete visibility into every endpoint on your network? With more and more caregivers, administrators, patients and family members accessing online resources of healthcare systems, network attack surfaces are sprawling and reducing exposure and risk is more difficult than ever. Make sure your security strategy is up to the challenge of safeguarding your critical data by asking critical questions and performing a thorough risk assessment.

3. Implement User and Entity Behavior Analytics (UEBA).

UEBA identifies anomalous activity like location and device access, strange email rules and more. This is especially critical for platforms like Office 365 where OneDrive and SharePoint are quickly brought into scope in relation to data loss. The newer UEBA tools can quickly and automatically start finding anomalous behavior and alert you or actually stop it.

The cost of ensuring your data and endpoints are secure is a fraction of the cost of a ransomware payout. Defense-in-depth is non-negotiable. You need layers of armor.

Ensuring that the three controls discussed here are in place is a good start, but a full security system assessment to identify risks and vulnerabilities is best practice. Bringing in a risk assessor with deep healthcare IT and clinical-use expertise is recommended. There’s an old saying: “An ounce of prevention is worth a pound of cure.” And in this case, an ounce of protection is worth a pound of data.