While cyber criminals promised to stop ransomware attacks on healthcare providers during the pandemic, it never really happened.
This week, Eastern Health, the operator of four hospitals in Melbourne’s east, continues to grapple with a number of its IT systems being offline following a cyber attack last week, forcing it to postpone certain elective surgeries.
According to the Office of the Australian Information Commissioner (OAIC), the health sector had the highest number of data breaches between July and December 2020, accounting for 23 per cent of all breaches. Malicious or criminal attacks such as ransomware remain the leading source of data breaches, accounting for 58 per cent of notifications.
Health service providers have consistently reported the most data breaches compared to other industry sectors. The Australian Cyber Security Centre explains that the healthcare sector is a lucrative target for ransomware attacks because of the sensitive personal and medical information they hold, and how critical this information is to maintaining operations and patient care.
The costs of a significant ransomware attack against a healthcare facility are measured in millions of dollars and increased risks to priceless patient privacy and the organisation’s reputation.
With cyber attacks continuing to evolve and proliferate, healthcare providers need to look at how they can prevent their organisation from suffering the damages that result from ransomware. The following are some ransomware prevention strategies that healthcare providers should consider to keep both company and patient data safe.
- Filter inbound emails
There are many email filtering solutions that can serve as your first line of defence. Healthcare providers should look for software or filtering services that proactively scan for and block spam, viruses and other threats in real time, before they can wreak havoc. Some use artificial intelligence (AI) to keep up with new threats and adapt defences, while others use a Bayesian filter to detect and block personalised spam emails. It’s also worth choosing a solution that is easy to manage via a web browser, with customisable settings.
- Keep firmware up to date
Software patches are frequently driven by newly discovered vulnerabilities. Healthcare organisations need to establish a regular assessment plan to confirm that all their critical applications, databases and servers are running the latest software and firmware, and to immediately patch any that aren’t.
- Evaluate security systems and firewalls
With more and more remotely connected devices — including IoT devices that present new potential vulnerabilities — healthcare organisations need to ensure that their endpoint security systems and firewalls work as expected. They also need to make sure that these protections are sufficient to keep their data secure, compliant, and available at all times. For organisations with remote workers, it’s more important than ever that these users connect to your network via a secure virtual private network (VPN). Along the same lines, they need to ensure all patient records and patient processing systems are protected by encrypting all their data — both at rest and in transit.
- Train people
Cybersecurity education should be a core element of an overall data protection strategy. Team members must be trained so they can spot suspicious emails, attachments, or SMS attacks. They need to be educated and tested on social engineering attacks to understand that they should never click on a link or download an attachment unless they are 100 per cent sure it is from a known sender. And they should have a general understanding of best practices for protecting devices and data.
- Take regular backups
The best way to mitigate the fallout from a ransomware attack is to be prepared. That means backing up data frequently and replicating copies both to an offsite location and to the cloud. Providers need to establish their recovery point objective (RPO) and recovery time objective (RTO) and ensure their backup solution can meet them. They should also look for a backup solution that takes regular, immutable snapshots that can’t be deleted or altered, so the backups themselves cannot be encrypted by crypto-ransomware. That way, healthcare providers know their backed-up data is always safe, accessible and recoverable.
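The following is an added example, not from the article or from StorageCraft, showing how the backup guidance above (RPO, offsite and cloud copies, immutable snapshots) can be turned into an automated check over an inventory of snapshot records. The `Snapshot` model, the three location names and the sample records are all constructed assumptions for illustration.

```python
"""Added example: check a backup inventory against an RPO and the
offsite / cloud / immutable-copy guidance. Sample data is constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

DEFAULT_LOCATIONS = ("onsite", "offsite", "cloud")  # assumed location labels


@dataclass(frozen=True)
class Snapshot:
    taken_at: datetime
    location: str      # one of DEFAULT_LOCATIONS
    immutable: bool    # True if the copy cannot be deleted or altered before expiry


def check_backup_policy(snapshots, now, rpo_hours, required_locations=DEFAULT_LOCATIONS):
    """Return policy findings; every value must be True for a passing backup set.

    rpo_met: the newest snapshot is no older than the RPO, so at most rpo_hours
        of data would be lost when restoring
    immutable_within_rpo: at least one snapshot inside the RPO window cannot be
        encrypted or deleted by an attacker who obtains administrative access
    all_locations_present: each required location holds at least one copy
    """
    window_start = now - timedelta(hours=rpo_hours)
    recent = [s for s in snapshots if s.taken_at >= window_start]
    return {
        "rpo_met": bool(recent),
        "immutable_within_rpo": any(s.immutable for s in recent),
        "all_locations_present": not missing_locations(snapshots, required_locations),
    }


def missing_locations(snapshots, required_locations=DEFAULT_LOCATIONS):
    """List required locations that hold no copy at all."""
    present = {s.location for s in snapshots}
    return [loc for loc in required_locations if loc not in present]


# Constructed sample: hourly onsite snapshots, one nightly immutable cloud copy,
# and no offsite copy, so a 4-hour RPO fails on two of the three checks.
NOW = datetime(2021, 3, 22, 9, 0, tzinfo=timezone.utc)
SAMPLE = [
    Snapshot(NOW - timedelta(hours=1), "onsite", immutable=False),
    Snapshot(NOW - timedelta(hours=2), "onsite", immutable=False),
    Snapshot(NOW - timedelta(hours=9), "cloud", immutable=True),
]

if __name__ == "__main__":
    for name, ok in check_backup_policy(SAMPLE, NOW, rpo_hours=4).items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
    print("missing locations:", missing_locations(SAMPLE))
```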
- Count on the cloud
Cloud storage gives organisations fast access to offsite data and is one of the pillars of a sound backup strategy. Cloud storage can also be less expensive than on-premises storage while adding a further layer of protection. And while even cloud-based data can be infected with ransomware that is uploaded along with a backup, sound backup practices — see “Take regular backups” above — can overcome just about any attack.
- Don’t pay the ransom
While an attack will cause major problems, we recommend that organisations never pay a ransom. Cyber criminals often don’t restore access even when companies do pay. It’s worth considering ransomware insurance to help mitigate the damage.
- Be proactive
While all these strategies are important for protecting against ransomware, healthcare providers may still fall victim to a successful attack. That’s where planning makes the difference. With the right hardware, software, and best practices in place, they can recover quickly with minimal damage done. We suggest it’s time for every healthcare organisation to get a serious security-health check-up that ensures they have a healthy security posture that can withstand even the most sophisticated ransomware attacks.
Leo Lynch is the director, Asia Pacific, StorageCraft, an Arcserve company.