The disruption COVID-19 has wrought on society presented many opportunities for people to display their best and worst qualities.
I recently saw a video referencing a remark Amy Poehler made in her memoir, Yes Please that stuck with me. When reflecting on her time spent in Haiti after the devastating earthquake in 2010, she simply said, "People are very bad and very good."
Of course, it's important to focus on the good things, like healthcare professionals working tirelessly to care for those with COVID. But we also have to be vigilant about those looking to maliciously turn a very bad situation to their advantage.
Ransomware attacks are on the rise due to COVID-19
The healthcare sector has always been highly vulnerable to cyberattacks. For one, the stakes for healthcare organizations to access critical files are literally life and death. For another, patient records are full of highly valuable personal information, such as social security numbers and patient addresses.
While the average cost of a data breach for industries overall was $3.86 million in 2020, the average cost for a data breach in healthcare was $7.13 million. That cost makes it the most expensive industry for data losses—and the most lucrative for cybercriminals.
As COVID-19 has created a highly urgent situation for healthcare organizations around the globe, they've become even bigger targets for criminal syndicates looking to take exploit. The risks to healthcare are currently so large that the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the FBI co-authored a joint advisory, warning the healthcare sector to be especially vigilant for ransomware attacks.
What is a ransomware attack?
A ransomware attack is a cyberattack that involves stealing and encrypting sensitive files from an organization after installing malware on their servers. To get the files back and decrypt them, that organization must pay a ransom.
Malware is typically installed on an organization's servers through phishing. Phishing involves sending emails that look like they're from an important person at your organization. An unsuspecting recipient, thinking the email is from someone in their organization, clicks on or downloads a file, which gives a cybercriminal access to the organization's servers and files.
In order to protect themselves against ransomware in 2020, healthcare organizations should be on the lookout for TrickBot and BazarLoader attacks, typically executed via phishing campaigns.
But what should healthcare organizations do to prevent such an attack, especially in the middle of a pandemic?
>> Download Now: IT Security [Whitepaper]
5 steps you should take to prevent a ransomware attack
The most recent estimates from federal agencies suggest that over 400 healthcare organizations could be potential targets of cybercriminals taking advantage of the pandemic. It's possible that some of these attacks could already be underway.
Given the magnitude of these attacks, the best move for any healthcare organization would be to have a plan in place in the event of a ransomware incident. By assuming that your organization is or will be a target, you can ensure that you know what to do if any of your files are ransomed.
Below are a few critical steps to include in your ransomware prevention plan.
1. Backup files
Backing up your files is the first step you should take to prevent data loss or a disruption of service. When you securely store backups of files, you can restore and access them without relying on paying ransoms to cybercriminals.
The good news is, HIPAA rules already require that healthcare organizations protect data by backing it up securely. However, your organization must also ensure that the facility storing your backups is HIPAA-compliant.
2. Participate in cybersecurity and info sharing organizations
Joining an information-sharing group helps your organization stay on top of ongoing cybercriminal activities and follow best practices and tactics used successfully by other organizations.
For healthcare orgs, federal agencies recommend joining the following groups:
- Health Information Sharing and Analysis Center (H-ISAC)
- Other groups in the National Council of ISACs that align with your sector of healthcare
- Information Sharing and Analysis Organization (ISAO) Standards Organization
And given the seriousness of healthcare data safety in the middle of a pandemic, your organization is highly encouraged to communicate and collaborate with CISA, HHS, and the FBI to mitigate ransomware attacks.
3. Educate your staff
Since most ransomware attacks gain access to your system via phishing campaigns, your staff members are your first line of defense.
You should let healthcare staff know their workplaces are currently prime targets for ransomware attacks and that they should be extra vigilant with secure passwords and file sharing. You should also let them know they should be on high alert for suspicious emails or files and educate them about phishing campaigns in general.
When staff know what they're looking for—or that they should look for suspicious activity in the first place—they're more capable of helping to protect your whole organization.
4. Create a reporting plan
Simply educating staff won't help if your staff doesn't know what to do when they find suspicious activity. Make sure you have a clear chain of communication from your staff to appropriate IT security personnel.
In addition to creating and communicating a reporting plan, you should ensure that you have a group of people who are trained and ready to handle and investigate incoming reports. With staff on the lookout for phishing emails and IT professionals at the ready to deal with anything suspicious, you'll be better able to mitigate an attack quickly and effectively if you're targeted.
5. Invest in the right cybersecurity tools
Of course, cybersecurity tools, unlike your employees, can monitor your entire network day and night. With the right security suite, you can detect unusual activity immediately. In addition to detection, these tools can also help investigate, manage, and block cyberattacks.
A suite of security tools could include the following software:
Intrusion detection system (IDS)
An IDS is essentially like a burglar alarm for your network. If someone tries to "break in," an IDS sets off the alarm bells to alert your security team.
Intrusion prevention system (IPS)
Similar to an IDS, an IPS monitors incoming threats and alerts your security team, while actively blocking these threats to prevent further damage into the network.
Security information and event management (SIEM)
SIEMs log and analyze IT activity. If any suspicious activity is detected, your IT team will receive alerts. Using the logs, these systems can create reports that will help your team determine the source of suspicious behavior.
Patch management
Patch management software helps deliver updates to the systems on your network. Patches help protect you against vulnerabilities in your software that hackers could exploit.
Endpoint detection and response (EDR)
EDR tools help you monitor and manage all the endpoints on your network. When a security incident impacts an endpoint, the system will alert your team and respond to any incident.
Remote monitoring and management (RMM)
RMM software allows you to manage your IT environment remotely. That means that, in addition to monitoring networks and devices set up in your offices, you can monitor any endpoints accessing your network from other locations, whether they're from staff working from home or malicious third-party actors.
Antimalware
Antimalware software is specifically designed to detect malware, including ransomware, and prevent it from impacting your system. Along with other security tools, it can help you detect malware and identify its source, helping you prevent further infection if your system is already affected.
Make sure your organization is fully protected
Your healthcare organization can prepare for and prevent bad actors from taking advantage of an already unfortunate situation. To fully protect your organization, make sure you have the following:
- Secure, HIPAA-compliant back-up files
- The knowledge provided by information-sharing groups
- A staff and team on high alert for suspicious activity
- A full suite of cybersecurity tools to prevent, detect, mitigate, and alert you to any attacks on your system.
- A visibility fabric to ensure these cybersecurity tools are able to see and detect threats as they arise.
- Bypass TAPs that reliably ensure your inline security tools protect 24/7 without network downtime.
To make sure your healthcare org is secure down to the smallest details, you'll also want to make sure you have full visibility into the information sent on your network and the information shared between your security tools. Network TAPs provide packet visibility to IDS, SIEM, and RMM/EDR tools to better analyze your data and ensure no dropped or missed packets don’t compromise security. With a better understanding of all your data, you're better equipped to prevent ransomware attacks.
Looking to add inline or out-of-band security solutions, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.
