The importance of cybersecurity in the healthcare industry can't be overstated: patient data must be protected, and the sector is a prime target for criminals. One widely cited industry projection at the time put the cost of security breaches at $6 trillion by 2020.
In the past two years, 89% of healthcare organizations experienced a security breach. Despite the controls security vendors have put in place, data breaches remain common. Fortunately, 82% of healthcare organizations agree that digital security should be a top priority.
Ransomware Attacks on the Healthcare Industry
Ransomware has been an internet scourge for many years, but it was not until recently that the attacks made mainstream headlines. What changed was a new trend: attackers began deliberately targeting institutions in the healthcare industry.
Ransomware works by encrypting a victim's files or locking them out of their systems, and it withholds access until a ransom is paid. In most cases the attackers demand payment in bitcoin, because such payments are pseudonymous and hard to tie back to a person.
Hospitals are ideal targets for this kind of extortion because the information they hold is critical for patient care, and it has to be current. If staff cannot reach surgery directives, prescriptions and other records in good time, patient care is delayed.
That makes hospitals more likely to pay the demanded ransom than to risk a patient's death and the lawsuits that would follow.
In addition, the healthcare industry has not invested much in security awareness. Few organizations in this sector have trained their employees on cybersecurity matters; the primary focus is usually HIPAA compliance, which ensures employees meet the federal policy on patient privacy. Compliance with a privacy rule is not the same thing as resilience against an attacker.
Cases of Attack in the Healthcare Sector
Ransomware is an increasingly common threat in healthcare, as in other sectors: in the first six months of 2017, for example, attacks rose by 133%. The first known ransomware attack on the healthcare community dates back to 1989 (the AIDS Trojan, distributed on floppy disk to AIDS researchers). Since then, the attacks have become more sophisticated and consistently exploit the weaknesses of aging IT infrastructure.
In 2016, several ransomware attacks on healthcare organizations were reported. In one incident, attackers took over computers belonging to the Hollywood Presbyterian Medical Center using a ransomware family called Locky. Computers were offline for more than a week until a ransom of 40 bitcoin, worth about $17,000 at the time, was paid.
Soon afterwards, Methodist Hospital in Henderson, Kentucky, was struck with the same malware. The attack prevented healthcare providers from accessing patients' files, and the institution declared an internal state of emergency that lasted four days. According to hospital officials, they did not pay the ransom; staff restored the data from backups instead.
A few days later, news broke that MedStar Health, which runs ten hospitals and 250 outpatient clinics in the Washington, D.C. area, had been hit by malware suspected to be ransomware. The organization reported that a virus was preventing users from logging in to its network, and employees said they saw a pop-up screen on their computers demanding payment in bitcoin.
MedStar immediately shut down large portions of its network. As a result, employees were unable to access email and patient database records, but the clinics remained open and operational.
Why is the Healthcare Industry a Prime Target?
From the statistics above, it is clear that ransomware authors have a growing interest in the healthcare industry. Why? Here are some of the leading factors:
1. Outdated Medical Systems
Unfortunately, most healthcare organizations invest little in new technology, and many of the systems still in use cannot defend themselves against new and more sophisticated strains of ransomware.
According to a recent article by Security Intelligence, hospitals spend as little as 10% of what other industries spend on data security. Attackers know this, which makes the industry an easy target.
Decision-makers in the industry face hard choices when it comes to capital investment, and they readily forgo spending on security in favor of investments that generate revenue.
2. Inadequate Funding
Because funding is limited, healthcare organizations have to contend with a high volume of older and sometimes outdated infrastructure, including software. Maintaining that critical infrastructure while keeping downtime for patching and backups to a minimum is an ongoing challenge.
Unpatched systems were one of the reasons the WannaCry ransomware outbreak spread so widely. Fortunately, most U.S. healthcare organizations were spared, apart from a few labs and some medical device users. One reason is that the attack first unfolded in Europe, where the UK's National Health Service was hit hard, which gave organizations in the U.S. some time to strengthen their defenses.
Investing in network segmentation and disaster recovery planning goes a long way toward protecting sensitive data and limiting how far an infection can spread.
3. Data in the Healthcare Industry is Very Sensitive
Ransomware attackers know that loss of data poses a significant threat to healthcare organizations: it can compromise patient safety, which in turn exposes them to endless lawsuits. Criminals attack these institutions knowing that, without a backup or a disaster recovery plan, the victim is left with no option but to pay.
Should systems be rendered useless by ransomware encryption, delivery of care is interrupted and patients suffer. The consequences are far-reaching, and far worse than for a business that counts the cost of such an attack only in lost revenue.
4. Lack of Training of Employees
Unfortunately, most employees in the healthcare sector are not trained in cybersecurity. They are therefore prone to fall for the phishing scams that open the door to ransomware. Sharing USB flash drives that may carry malware is also common among employees. Staff should be trained on these and other behaviors that expose the organization to attack.
Should You Pay The Ransom or Not?
Some organizations may be under pressure to part with the demanded ransom to recover their data. This is especially true for healthcare institutions, where lives are at stake if data cannot be accessed.
However, paying the ransom is hardly a solution. It may or may not bring back the data, and it does nothing to protect the systems from being attacked again. A more proactive approach is necessary to reduce the chance of falling victim to the same or a similar attack in the future.
Protective Measures Against Ransomware Attacks
For healthcare organizations to protect themselves against ransomware effectively, they must do more than the bare minimum. That means looking critically at the most common ways an attacker targets an organization, and at the points of interaction where defenses can raise the cost of an attack for the criminal.
Enhanced protection starts with understanding what needs to be protected: where the critical data is located, the interactions and dependencies that exist around it, and who has access to what, from where. It is also crucial to understand the organization's data recovery capabilities against the nature of the data it holds.
Secondly, an organization must be able to detect abuse or anomalies on the network and within its application ecosystem. This is the first step towards being prepared to act when an incident occurs, and it also allows the organization to prioritize the response each incident should receive.
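As an added illustration of the detection step (not code from the original article or any vendor), the following Python sketch applies two simple heuristics to file-server audit events: a burst of modifications by one user that overwhelmingly produce an extension the share has never seen, and any access to a planted canary file. The log format, thresholds, baseline extensions and canary path are assumptions, and the sample log is constructed.

```python
"""Heuristic ransomware detector over file-server audit events.

Added example for this article, not a vendor product. The log format
(ISO timestamp, user, action, path), the baseline extensions, the canary
path and the thresholds are all assumptions chosen for illustration.
"""
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)     # look-back window per user (assumed)
BURST_THRESHOLD = 10               # modifications in WINDOW before we look closer (assumed)
NEW_EXT_RATIO = 0.8                # share of those landing on unfamiliar extensions (assumed)
BASELINE_EXTS = {".docx", ".pdf", ".xlsx", ".dcm", ".hl7", ".txt"}   # assumed normal types
CANARY_PATHS = ("/shares/ward3/notes/zz_do_not_open.docx",)          # decoy no workflow touches


def parse_line(line):
    """'2016-02-05T09:05:00 nurse02 RENAME /shares/x.docx.locky' -> (ts, user, action, path)."""
    ts, user, action, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), user, action.upper(), path


def detect(lines):
    """Return a list of (timestamp, user, reason) alerts for the given audit lines."""
    alerts = []
    recent = defaultdict(deque)    # user -> deque of (timestamp, extension)
    burst_reported = set()
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        ts, user, action, path = parse_line(raw)

        # Any access to a canary file is suspicious: no legitimate workflow uses it,
        # and ransomware walks directories blindly (a rename to .locky still matches).
        if any(path.startswith(c) for c in CANARY_PATHS):
            alerts.append((ts, user, f"canary file touched by {action}: {path}"))

        if action not in ("WRITE", "RENAME", "DELETE"):
            continue
        q = recent[user]
        q.append((ts, os.path.splitext(path)[1].lower()))
        while q and ts - q[0][0] > WINDOW:
            q.popleft()

        # Many modifications in a short time, nearly all producing an extension the
        # share has never seen before, is the signature of bulk encryption.
        if len(q) >= BURST_THRESHOLD and user not in burst_reported:
            unfamiliar = sum(1 for _, ext in q if ext not in BASELINE_EXTS)
            if unfamiliar / len(q) >= NEW_EXT_RATIO:
                burst_reported.add(user)
                alerts.append((ts, user,
                               f"{len(q)} modifications in {WINDOW.seconds}s, "
                               f"{unfamiliar} to unfamiliar extensions"))
    return alerts


# Constructed sample audit log (no real data): normal activity followed by one
# workstation renaming every note in a folder to .locky within seconds.
NORMAL_ACTIVITY = [
    "2016-02-05T09:00:01 nurse01 WRITE /shares/ward3/notes/patient_1042.docx",
    "2016-02-05T09:00:40 nurse01 WRITE /shares/ward3/notes/patient_1043.docx",
    "2016-02-05T09:03:12 dr_lee READ /shares/imaging/ct_7781.dcm",
    "2016-02-05T09:04:05 dr_lee WRITE /shares/ward3/notes/patient_1050.docx",
]
ENCRYPTION_BURST = [
    f"2016-02-05T09:05:{i:02d} nurse02 RENAME /shares/ward3/notes/patient_{1000 + i}.docx.locky"
    for i in range(12)
] + ["2016-02-05T09:05:12 nurse02 RENAME /shares/ward3/notes/zz_do_not_open.docx.locky"]
SAMPLE_LOG = NORMAL_ACTIVITY + ENCRYPTION_BURST

if __name__ == "__main__":
    for ts, user, reason in detect(SAMPLE_LOG):
        print(ts.isoformat(), user, reason)
```

The thresholds are the part to tune against real traffic: a batch export job or a document conversion can also rename many files quickly, so in production the baseline extensions should be learned from the share's own history rather than hard-coded, and the canary alert should be wired to an automatic quarantine of the offending session.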
Knowing the data and interactions at stake is crucial; it is what separates a major data leak from an incident the organization can respond to appropriately. Lastly, the process of detecting, responding and recovering should be tested regularly.
The process should form part of tabletop management exercises, combined with technical simulations, to align the process with the requirements. Here are specific steps organizations can take to protect themselves from ransomware attacks:
1. Regular System Updates
Proper maintenance of Windows systems means installing patches and updates regularly. Ransomware generally targets vulnerable systems that are not running current software. It was unpatched Windows 7 and Windows Server 2008 systems that opened the door for WannaCry, even though Microsoft had shipped the fix (MS17-010) two months before the outbreak.
The backup software should also be kept up to date, since updates often improve how reliably files can be backed up and restored when disaster strikes.
2. Training Employees
Unfortunately, most employees in the healthcare system are not well versed in cybersecurity. Opening a malicious email attachment can be the doorway to a ransomware attack. Making employees aware of such threats can save an organization from spending millions on a ransom.
Employees also need to be trained to recognize phishing emails. For example, run simulated phishing campaigns regularly and make them part of the culture; over time, sending a simulated attack once a month keeps employees on their toes. Trained employees click on malicious mail far less often.
Organizations can also apply application whitelisting (allowlisting) on their machines to prevent ransomware from running. This entails inventorying the legitimate applications on each device and then configuring it to block every other executable. The process is labor-intensive, which explains why only a few organizations take the step.
Mail servers should also be configured to block zip archives and other attachment types that commonly carry ransomware droppers. File servers should be broken down into smaller groups so that, if one server gets infected, the ransomware will not spread to everyone, and permissions to areas of the network should be restricted. Instead of many users accessing files on a single server, attackers have to work harder to locate and take down more servers.
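Added example (not from the original article or any mail gateway): a Python check that inspects a raw message and flags attachments of the kinds that carry ransomware droppers, looking inside zip archives for executables and scripts and refusing password-protected archives it cannot scan. The blocked-extension list is an assumption, and the message it runs on is constructed.

```python
"""Flag e-mail attachments of the kinds that carry ransomware droppers.

Added example for this article, not any mail gateway's code. The blocked
extension list is an illustrative assumption; the message built below is
constructed for the demo and is not a real phishing sample.
"""
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# File types a hospital mail gateway has little reason to accept from outside (assumed).
BLOCKED_EXTS = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta",
                ".bat", ".cmd", ".ps1", ".docm", ".xlsm"}


def _ext(name):
    return os.path.splitext(name or "")[1].lower()


def suspicious_attachments(raw_message):
    """Return a list of (attachment name, reason) for a raw RFC 822 message in bytes."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = _ext(name)
        if ext in BLOCKED_EXTS:
            findings.append((name, f"blocked attachment type {ext}"))
        elif ext == ".zip":
            # Look inside the archive: Locky-era campaigns shipped a .js or .exe
            # downloader inside a zip named like an invoice.
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    infos = zf.infolist()
            except zipfile.BadZipFile:
                findings.append((name, "malformed zip; cannot be inspected"))
                continue
            encrypted = [i.filename for i in infos if i.flag_bits & 0x1]
            bad = [i.filename for i in infos if _ext(i.filename) in BLOCKED_EXTS]
            if encrypted:
                findings.append((name, "password-protected zip; contents cannot be scanned"))
            if bad:
                findings.append((name, "zip contains " + ", ".join(bad)))
    return findings


def build_sample_message():
    """Constructed message: a harmless PDF plus a zip hiding a .js file."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "records@hospital.example"
    msg["Subject"] = "Invoice 20488"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 (placeholder bytes)", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_20488.js", "// placeholder, not a real downloader")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in suspicious_attachments(build_sample_message()):
        print(f"{name}: {reason}")
```

The check deliberately trusts neither the declared MIME type nor the outer file name on its own: the archive is opened and its member names are examined, and an archive that cannot be opened or is password-protected is reported rather than silently allowed through.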
Protecting every layer of the system or network turns attackers away. Since they are looking for easy money, a hard-to-crack system sends them looking for weaker targets elsewhere.
3. Backing Up Data
One of the best ways to protect your systems, and to recover quickly after an attack, is to keep regular backups. Many products on the market can produce reliable image and file backups of the entire system and all valuable files.
Work with a reliable service provider for this. You may find that storing your backups in the cloud is safer and more convenient than using a local hard drive; either way, keep at least one copy that the production network cannot write to, because a backup the infected host can reach is a backup the ransomware can encrypt.
Before relying on any backup solution, test it against different scenarios, anticipate disasters, and make the necessary adjustments to your systems. Many online backup solutions provide tooling for test restores.
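Added example (not the article's or any product's code) of what "test the backup" means in practice: a Python restore drill that backs up a folder with a SHA-256 manifest, verifies the copy, restores from it, then simulates ransomware overwriting a file on the backup share and shows that verification catches the damage and the restore refuses to proceed. The sample records are constructed.

```python
"""Restore drill: back up a folder with a SHA-256 manifest, then prove the
copy is intact before trusting it.

Added example for this article, not any backup product's code. It shows the
"test the backup before you need it" step; the sample records are constructed.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST = "MANIFEST.json"


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_tree(src, dst):
    """Copy every file under src to dst and record a path -> digest manifest.

    In practice keep a second copy of the manifest somewhere the backup host
    cannot write to; otherwise an attacker who reaches the share can rewrite both."""
    src, dst = Path(src), Path(dst)
    manifest = {}
    for p in sorted(src.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            manifest[rel] = sha256_file(p)
    (dst / MANIFEST).write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return manifest


def verify_backup(dst):
    """Return {relative path: 'missing' | 'modified'}; an empty dict means the copy is clean."""
    dst = Path(dst)
    manifest = json.loads((dst / MANIFEST).read_text())
    problems = {}
    for rel, digest in manifest.items():
        p = dst / rel
        if not p.is_file():
            problems[rel] = "missing"
        elif sha256_file(p) != digest:
            problems[rel] = "modified"
    return problems


def restore_tree(dst, target):
    """Restore only from a backup that verifies; a silently encrypted backup is worse than none."""
    problems = verify_backup(dst)
    if problems:
        raise RuntimeError(f"backup failed verification: {problems}")
    dst, target = Path(dst), Path(target)
    for rel in json.loads((dst / MANIFEST).read_text()):
        out = target / rel
        out.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(dst / rel, out)
    return target


def drill():
    """Run the whole cycle on constructed data.

    Returns (clean_result, restored_ok, tampered_result, restore_refused). The
    tampering step models ransomware that reached the backup share and overwrote
    one file; verification must catch it before a restore is attempted."""
    root = Path(tempfile.mkdtemp(prefix="restore-drill-"))
    src, bak, out = root / "records", root / "backup", root / "restored"
    (src / "rx").mkdir(parents=True)
    (src / "patient_1042.docx").write_bytes(b"surgery directive: constructed sample")
    (src / "rx" / "1042.txt").write_bytes(b"prescription: constructed sample")

    backup_tree(src, bak)
    clean = verify_backup(bak)
    restore_tree(bak, out)          # succeeds while the copy is intact
    restored_ok = sha256_file(out / "rx" / "1042.txt") == sha256_file(src / "rx" / "1042.txt")

    (bak / "patient_1042.docx").write_bytes(b"ENCRYPTED" + os.urandom(16))   # simulated hit
    tampered = verify_backup(bak)
    try:
        restore_tree(bak, root / "restored2")
        refused = False
    except RuntimeError:
        refused = True
    shutil.rmtree(root, ignore_errors=True)
    return clean, restored_ok, tampered, refused


if __name__ == "__main__":
    print(drill())
```

The drill is the point, not the copying: a scheduled job that runs this cycle against a scratch directory and alerts on anything other than a clean verify and a refused restore after tampering tells you the backup is usable before the day you need it.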
Once vulnerabilities in the systems have been identified, organizations should patch them right away. Automated patch-management tooling keeps users safe with little manual effort, and endpoint protection that quarantines known ransomware adds a further layer should the malware try to run again.
For systems that cannot be patched, the next line of defense is to block attacks before they reach them: isolate those systems on the network and keep signatures up to date on network blocking and antivirus technologies.
Organizations need to consult with security experts in devising optimal responses that align with business processes and strict compliance requirements.
These last three steps are pragmatic and can be implemented in individual facilities, given the right skills and an action plan. Had the organizations hit by WannaCry followed them, fewer would have fallen victim.
Ransomware is a profitable business for attackers because it forces victims to pay to recover their data. Attacks are increasingly targeted at the healthcare industry because this sector cannot function without that information.
Once systems are seized, the quality of care is compromised, which can lead to costly lawsuits. Paying the ransom may provide a temporary fix, but it is not the answer. More awareness is needed of how healthcare organizations can protect their systems from ransomware.
Regular system updates and backups, employee training, patching, blocking, and immediate response are among the preventive measures to take. Investing in prevention is better and less costly than dealing with the consequences of a ransomware attack.