The cyber infection known as ransomware continues to run wild in 2019. Ransomware is a malicious software designed to capture and hold data until a sum of money is paid. The 2019 Official Annual Cybercrime Report (ACR) predicts that businesses will fall for ransomware attacks every 14 seconds. One industry constantly bombarded by these attacks is healthcare. These organizations are prime targets because they are often more willing to pay a ransom to avoid downtime. Many organizations in the healthcare industry leave themselves vulnerable by using legacy systems that are typically outdated and prone to cyber attacks. According to Infosecurity Magazine, 23 percent of all healthcare organizations made some form of payment to attackers in 2018.
The reality of healthcare’s struggle with ransomware is that these attacks are leaving a damaging impact on the people associated with the numerous organizations in the industry. Patients, their families, and healthcare faculty continue to experience their personal and professional data ending up in the wrong hands.
DCH Health Systems, based in Alabama, recently announced that they would be closing their hospitals to all but the most critical new patients due to a ransomware attack. Wood Ranch Medical, a healthcare provider in California, announced that they will be shutting their doors permanently due to their computer systems being infected with ransomware. These are just two examples of many more practices that have experienced permanent damage.
So what can be done? What can change the trend of healthcare entities being a low hanging fruit for cyber criminals? Like other industries, healthcare must take the necessary steps forward to increase prevention of these attacks. Here are four proactive measures that can be taken by healthcare organizations to increase data security.
Keep all browsers and other software applications up-to-date. Many healthcare practices use legacy software because they want to get the most out of their system investment. This is okay until the system becomes outdated and unpatched. Once this happens, attackers try to take advantage of minimal security. One unpatched vulnerability can enable attackers to access all available data.
Empower Employees Through Education
One of the most common gateways for cyber criminals to obtain network access is through social engineering. Users are often careless and overlook suspicious emails and websites. It is vital for healthcare organizations to invest time and resources to educate employees on detecting phishing campaigns and other malicious scams. User awareness can go a long way in preventing a ransomware infection. NXTsoft’s ThreatAdvice Cyber Education offers an effective solution for healthcare cyber education.
Back Up Files
It’s important to make secure copies of your data on a regular basis. These copies should be kept and stored offsite. If backing up on a USB or external hard drive, be sure the devices are physically disconnected from the computer. It is strongly recommended that files should be backed up and stored on a secure cloud server with high-level encryption and multiple-factor authentication.
Invest In Layered Security
Many healthcare practices have little to no budget set up for cybersecurity. This prevents them from setting up multiple layers of security to prevent a breach. The first part of implementing a layered approach to security is creating a thorough cybersecurity plan of action. The ThreatAdvice vCISO Solution is a great asset to layering an all-inclusive security plan. This solution can provide healthcare organizations the ability to maintain top level security oversight while maintain their budget. Learn more about the ThreatAdvice vCISO here.
It’s time for the healthcare industry to evolve its methods of cybersecurity. These organizations and their practices are vital to citizens and it could be extremely detrimental if they are unable to operate or forced to close their doors due to a cybersecurity event. In an industry driven by finding cures, it’s time for healthcare to find its cure for ransomware.
I’ve Been Breached… Now What?
If the worst does happen and you do experience a breach, it is important to act immediately! The ThreatAdvice Incident Response is a great solution to investigate, remediate and restore your systems back to working order. Call 800-600-9891 or learn more information here.