How to prevent ransomware attacks in healthcare facilities:
- Stay aware of current threats
- Discover attack vulnerabilities
- Secure potential attack vectors
You’ve come to this page because you understand the growing need for healthcare organizations to protect themselves from cyber threats.
As someone involved in the healthcare industry, you understand that the functionality of internet-connected devices in hospitals and care facilities has life-threatening implications.
Due to the COVID-19 pandemic, the Centers for Disease Control and Prevention (CDC) has encouraged healthcare facilities to leverage telehealth technology to protect patients and healthcare workers. Utilizing telehealth technology helps reduce face-to-face interactions and lessen the demand for limited personal protective equipment (PPE) resources.
Unfortunately, many healthcare facilities are unprepared to support and secure this extensive new use of internet-connected technology and cyber criminals are taking advantage of the vulnerabilities that have been created.
Over a third of healthcare workstations run on unsupported versions of Windows according to a 2020 Forescout report. Additionally, the report concluded that 6 of the top 10 Internet of Things (IoT) devices considered the highest cyber security risks are medical devices and networking equipment.
The riskiest IoT devices in healthcare include but are not limited to:
- HL7 gateways
- Picture Archiving and Communication System (PACS) archives
- Radiotherapy systems and radiology workstations
You cannot afford to put your organization and patients’ lives at risk with unsecured devices, but what proactive cyber security measures can help you start protecting your medical devices and data?
The third week of NCSAM is dedicated to helping the healthcare industry #BeCyberSmart when using internet-connected devices.
At Proven Data, our cyber security and ransomware recovery experts frequently help clients in the healthcare industry secure their critical data and devices.
We expanded our COVID-19 relief initiative to include free ransomware recovery services to reflect our awareness and commitment to helping healthcare facilities navigate this growing threat.
We are committed to ensuring your devices and data have the proper protections in place to save you from a cyber attack so you can stick to saving lives.
By the end of this blog, you will:
How cyber attacks are affecting the healthcare industry in 2020
Unsecured internet-connected devices in healthcare are a high impact target for cyber crime. Cyber criminals have been increasingly targeting hospitals and other healthcare facilities with ransomware attacks.
Ransomware is a type of malicious software (malware) that denies user access to data until a ransom is paid or another recovery method is discovered.
The nature of a ransomware attack has serious consequences to any organization that it attacks; however, in the healthcare industry, the consequences of a ransomware attack can be life threatening.
A ransomware attack was investigated as the suspected cause of a patient’s death after a German hospital could not admit a patient in need of urgent care due to the effects of a ransomware attack on their network.
Police eventually dropped claims that the attack was responsible for the patient’s death, however, this incident must still serve as an example of how cyber crime is capable of disrupting essential healthcare systems and a deadly disruption in patient care is inevitable.
Downtime caused by the ransomware attacks varies from hours to weeks to even months according to a 2020 report by Comparitech which compiled these statistics about the growing problem of cyber crime in the healthcare industry:
As measures to combat the COVID-19 pandemic increased, in the first two weeks of April 2020, there was a reported spike in global ransomware attacks.
According to an Interpol report, between January and April 2020, approximately 907,000 spam messages, 737 cyber incidents involving malware, and 48,000 malicious URLs related to COVID-19 occurred. Countries contributing to the report indicated malware attacks were occurring against critical infrastructure including government organizations, hospitals and other healthcare facilities.
The reported rise of COVID-related phishing campaigns and specific targeting of ransomware attacks emphasize the need for heightened precautions as attackers take advantage of the COVID-19 pandemic to cripple essential institutions responsible for COVID-19 response.
There are ways to secure your organization to protect yourself from falling victim to these attacks. Don’t let your organization become a part of the statistics, #BeCyberSmart and take initiative to minimize cyber attacks and protect patients today.
Below, you’ll find an outline of the preventative practices every healthcare organization should consider to get more cyber secure.
Top 3 practices to reduce risk of cyber attacks in healthcare
Following our formula for cyber security success (awareness + action = achievement), there are three primary aspects to securing internet-connected devices in healthcare:
- Stay aware of current threats
- Take action to detect attack vulnerabilities
- Implement cyber security measures to close potential attack vectors and achieve more effective protection
Let’s break down how these cyber security practices work and why they are important.
Be aware of cyber attacks affecting your industry
The first step to improving cyber security is having an awareness of the current threat landscape. Immediate response is critical to prevent extensive damage from a ransomware attack.
Threat intelligence is the practice of gathering, analyzing and utilizing data from previous cyber attacks to gain knowledge on prevention and mitigation tactics. Threat intelligence sharing enables organizations to understand attack patterns and prevent similar attacks from occurring by leveraging the data compiled from previous cyber incidents within their industry.
1) CISA’s Automated Indicator Sharing (AIS)
When a private organization or federal entity detects an attempted compromise, information on the suspected threat is shared via AIS at machine speed with all participating partners. This allows organizations to act quickly to protect themselves and secure the vulnerabilities to that particular threat.
An AIS system like this is designed to decrease the proliferation of cyber attacks by providing timely notifications to help organizations make the necessary patches to prohibit cyber criminals from successfully using the same attack method repeatedly.
CISA’s AIS service makes it clear that it cannot mitigate sophisticated cyber threats. They can enable organizations and federal agencies to reduce their risks of being affected by less sophisticated attacks, freeing up resources to prevent larger, more dangerous threats.
2) Health Information Sharing and Analysis Center (H-ISAC)
The Health Information Sharing and Analysis Center (H-ISAC) is a global, non-profit organization offering healthcare organizations a free cyber threat intelligence sharing platform for the H-ISAC community members. H-ISAC provides automated threat intelligence sharing from numerous internal and external sources.
As a member of H-ISAC, you will both receive and contribute information on cyber threats, attacks and security vulnerabilities promptly, allowing you to attend to threats and vulnerabilities proactively.
H-ISAC encompasses both machine to machine and human to human information sharing capabilities to suit a variety of organizational needs.
To find a comprehensive list of different information-sharing organizations and their services check out the Health Industry Cybersecurity – Matrix of Information Sharing Organizations.
Utilizing threat intelligence sharing is a crucial aspect of staying aware and ahead of cyber threats. Having automated notifications to alert your organization about active threat indicators can help you leverage your security infrastructure by enabling immediate responses to potential attacks.
Navigating the numerous threat intelligence sharing organizations and their service offerings can be challenging. Learn more about how to leverage threat intelligence sharing and reduce your risk of being hit by a cyber attack by reading the Health Industry Cybersecurity Information Sharing Best Practices guide.
Discover the vulnerabilities in your organization
Once you know the cyber threats that could affect your organization, you need to find out how your specific organization is vulnerable to those threats.
Cyber security and data regulations vary depending on organization type. To ensure the security of Protected Health Information (PHI), the healthcare industry follows security compliance regulations like the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.
You need to ensure the security solution you choose keeps you up to date with your respective cyber security standards.
Below, we outline several examples of the cyber security assessments that a cyber security company can conduct to help you determine your network’s security.
- Vulnerability assessment
- Security risk assessment
- Penetration testing
- HIPAA compliance audit
- Risk assessment
Understanding your vulnerabilities is a crucial first step to determining the gaps in your security protection. Always verify confidence in the source and applicability to your organization before proceeding with a response.
The next step is creating a strategy to continually secure your vulnerabilities and prevent ransomware and other cyber attacks from causing life-threatening disruptions in patient care.
Secure potential attack vectors to improve your security
When a vulnerability is detected, it is crucial to eliminate the vulnerability and implement cyber security solutions to prevent future attacks.
Due to COVID-19, cyber security in healthcare must evolve to cover an increasing number of endpoints. The construction of temporary medical facilities has created additional cyber security risks as facilities work to accommodate inordinate numbers of patients.
Telehealth services and temporary treatment facilities require the use of internet-connected devices outside of the scope of the healthcare organization’s established security infrastructure, creating additional attack vectors and posing issues with the security of data being transferred and stored in new locations.
The Joint Cyber Security Working Group (JCWG) of the Healthcare and Public Health Sector Coordinating Council (HPH SCC) has created a Management Checklist for Teleworking Surge During COVID-19 Response.
All healthcare-related internet-connected devices must have comprehensive cyber security protection whether they are used in a traditional care facility setting, telehealth services, or temporary locations.
There are many cyber security products and services that the healthcare industry should consider implementing to reduce the risk of a cyber attack, including but not limited to:
- Endpoint Detection and Response (EDR)
- Network Monitoring / Alerting Program
- Firewall audits & upgrades
- Security architecture assessment
- Email security
- Security awareness training
If your organization has already been hit by a ransomware attack, it is never too late to secure your network.
Next steps to a more cyber secure future in healthcare
Cyber security must be an ongoing practice of analyzing, monitoring, detecting and securing vulnerabilities.
Safeguarding internet-connected devices in healthcare is vital to ensure the physical safety and security of patients. Implementing preventative cyber security measures can reduce your risk of a cyber attack, but the story doesn’t end there.
Whether you are a healthcare worker or an IT manager/leader or provider working in the healthcare industry, being prepared to handle a disruptive cyber attack is critical to reducing the risk of damage. Creating a culture of cyber security at your organization and implementing an incident response plan is crucial to effectively remediating damage in the event of an attack.
At Proven Data, we are passionate about helping people prevent cyber attacks by getting cyber secure. Together with Fmr. FBI Special Agent Patrick Gray of the Computer Crimes Squad, our Operation Cyber Aware documentary explains why you need to #GetCyberSerious and protect yourself from ransomware and other cyber attacks before they happen.
Our cyber security and ransomware recovery experts have helped thousands of clients with the protection and recovery services they need to #BeCyberSmart.
How cyber secure is your organization?
DISCLAIMER: The information provided on our site does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general educational and research purposes only. Readers should contact their attorney for any legal questions if you were a victim of ransomware or a Cyber-attack.