Despite the fact that the WannaCry attack is in the past, Destiny Bertucci, the Network Monitoring Head Geek™ at SolarWinds, urges healthcare CIOs to remain vigilant. “Ransomware is one of the biggest threats to healthcare providers and payers because of both the types of data contained in medical records and how complete healthcare records are,” she said.
Healthcare organizations have been particularly hard hit by ransomware over the last few years, Bertucci shared. While the value of Protected Health Information (PHI) is one factor that drives attackers to target healthcare organizations, they also factor in that ransoms will likely be paid because of the critical nature of data held by hospitals and clinics in delivering patient care.
Though the situation may look dire, Bertucci has put together three steps to help mitigate ransomware for healthcare organizations so that their CIOs can stay ahead of cyberattackers.
Here they are:
Step 1: Educate Your Users in Cybersecurity Fundamentals
People are both the number one threat vector and the number one defense against ransomware attacks. Since many attacks leverage social engineering tricks by getting users to open malicious emails or click on infected links, ongoing user education has to be a priority. This includes ensuring that users know how to stay safe online, not just at work, but on their mobile devices and from their home offices.
Step 2: Patch and Patch Again
Identifying vulnerabilities and fixing them quickly is the key to robust cybersecurity. Attacks like WannaCry seldom fall into the category of zero-day vulnerabilities, where there's no opportunity to patch. WannaCry, for example, was identified in March along with a patch, yet it wasn't until May that the attack crippled IT systems. Most organizations don't have the resources to keep up with the constant patching cycle that's required in this day and age. For those organizations that do want to stay ahead of the game, adopting a Patch Tuesday mindset is key, as is wisely investing in a patch management solution. Strong patch management solutions allow updates to be tested in a sandbox environment to ensure no adverse impacts and also enable patches to be pushed out in batches.
Step 3: Consider Strategic IT Investments
It’s not always within budget to upgrade to the latest software or operating system. If it is possible, however, it’s a wise investment. For example, while Microsoft® created a patch for Windows XP® after the WannaCry attack, formal support, including security updates, was suspended on April 8, 2014.
However, when a system-wide upgrade is simply out of the question, there are other defenses. Investment in a SIEM (Security Information and Event Management) gives CIOs a secret weapon in the fight against ransomware. SIEMs bring two important features to that fight. Firstly, they provide a baseline snapshot of your operating environment, because without a baseline, it’s not possible to detect anomalies. Secondly, they provide broad-based visibility into areas such as file integrity and alert on changes, such as file encryption or movement, which are key indicators of the introduction of malware into a system. With proactive alerts, it’s then possible to mitigate and remediate a nascent attack before it has the opportunity to do real damage.
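The baseline-and-compare idea described above, as an added example that is not from the article or from any SIEM product: it records a hash and byte entropy per file, then reports files that were modified, moved, or overwritten with high-entropy content. The file names, the sample data and the `floor` and `jump` thresholds are assumptions constructed for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted content approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def snapshot(root: str) -> dict:
    """Map each file's relative path to (SHA-256 digest, entropy)."""
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            snap[os.path.relpath(full, root)] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return snap

def compare(baseline: dict, current: dict, floor: float = 7.0, jump: float = 2.0) -> list:
    """Return sorted (alert, path) pairs; floor and jump are assumed thresholds."""
    alerts = []
    gone = {digest: path for path, (digest, _) in baseline.items() if path not in current}
    for path, (digest, ent) in current.items():
        if path not in baseline:
            # Same content under a new path means the file was moved or renamed.
            alerts.append(("moved" if gone.pop(digest, None) else "new", path))
        elif digest != baseline[path][0]:
            encrypted = ent >= floor and ent - baseline[path][1] >= jump
            alerts.append(("possible-encryption" if encrypted else "modified", path))
    alerts += [("missing", path) for path in gone.values()]
    return sorted(alerts)

def demo() -> list:
    """Constructed sample data: three text files, then three simulated changes."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("chart.txt", "billing.txt", "notes.txt"):
            Path(root, name).write_text(f"{name}: constructed sample record\n" * 200)
        baseline = snapshot(root)
        # Stand-in for ciphertext: 4 KiB of hash output, which is near-uniform.
        blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
        Path(root, "chart.txt").write_bytes(blob)
        Path(root, "notes.txt").write_text("routine edit\n")
        os.rename(os.path.join(root, "billing.txt"), os.path.join(root, "billing.bak"))
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Compressed formats such as ZIP archives and JPEG images also have high entropy, which is why the check requires a jump from the baseline value rather than a high reading alone.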