For the last two weeks, healthcare IT news has been dominated by the WannaCry ransomware attacks. Healthcare providers were not the only victims, but their responsibility for critically ill patients makes the thought of a ransomware attack on a hospital particularly disquieting.
CIOs of hospitals, clinics, and labs must take steps now to assess their information security posture and protocols to ensure they are prepared for what is likely to be an ongoing barrage of ransomware attacks.
Ransomware, as its name suggests, is malware that denies an organization access to its most valuable asset, its data, by encrypting it until a ransom is paid. Once payment has been made, the attackers are supposed to provide the key that lets the organization decrypt its data. Yet even if the ransom is paid, there is no guarantee that the attackers will send the correct decryption key, or that they will not go on to sell, and further profit from, any copies of Protected Health Information from patient care records that they retained.
Ransomware is just one type of malware, and it reaches victims in different ways. Some variants rely on social engineering, tricking users into opening malicious email attachments or clicking on malicious links. WannaCry, on the other hand, self-propagated as a worm, with no human action required. Some forms of ransomware are "noisy" and encrypt a device immediately, whereas other variants are silent and lie in wait, to be triggered at a moment chosen to maximize the chance that the ransom is paid.
Avoiding the Ransomware Threat
There is, of course, a lot of advice on how to manage risk and mitigate the impact of ransomware. Many experts focus solely on patching vulnerabilities in Windows and other operating systems, but this alone will not necessarily stop a ransomware attack. Patching is certainly an essential part of good IT hygiene. But there are scenarios where patching is either not possible, such as the situation faced by the NHS in the United Kingdom, which was still running Windows XP after Microsoft had ended support for it, or where the attack uses a zero-day exploit for which no patch exists yet.
Equally, some security advisors direct organizations to rely on data storage and backup as a risk management technique to blunt the effectiveness of a ransomware attack. In practice, though, backups are often taken irregularly, left on network shares that the same ransomware can reach and encrypt, or never test-restored, so on its own this approach is flawed. That leaves a layered, human-centric defense strategy as the only effective way to manage ransomware risk.
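As an added illustration, not code from the original post or from Forcepoint, the Python audit below checks a backup catalog for the failure modes just described: no copy isolated from the network (an infected host can encrypt it too), the newest isolated copy older than the recovery point objective, and no recent test restore. The catalog, dataset names, and thresholds are constructed for the example.

```python
"""Audit a backup catalog for the failure modes that defeat backups as a
ransomware control. Added example; the catalog below is constructed, not
data from any real organization."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class BackupCopy:
    dataset: str
    taken: datetime
    # "online": writable share or mounted volume reachable from endpoints
    # "immutable": object-lock / WORM storage, "offline": tape or air-gapped disk
    storage: str
    last_restore_test: Optional[datetime]


# Only these storage classes cannot be encrypted by malware on an endpoint.
ISOLATED = {"immutable", "offline"}


def assess(catalog: List[BackupCopy], now: datetime,
           rpo: timedelta = timedelta(hours=24),
           restore_test_max_age: timedelta = timedelta(days=30)
           ) -> Dict[str, Tuple[bool, List[str]]]:
    """Return {dataset: (survives_ransomware, reasons)} for every dataset."""
    by_dataset: Dict[str, List[BackupCopy]] = {}
    for copy in catalog:
        by_dataset.setdefault(copy.dataset, []).append(copy)

    verdicts: Dict[str, Tuple[bool, List[str]]] = {}
    for name, copies in by_dataset.items():
        reasons: List[str] = []
        isolated = [c for c in copies if c.storage in ISOLATED]
        if not isolated:
            # Every copy is reachable from the network: ransomware gets them all.
            reasons.append("no copy isolated from the network")
            verdicts[name] = (False, reasons)
            continue

        newest = max(isolated, key=lambda c: c.taken)
        age = now - newest.taken
        if age > rpo:
            reasons.append(f"newest isolated copy is {age} old, exceeds RPO {rpo}")

        # A backup that has never been restored is an assumption, not a control.
        tested = [c for c in isolated if c.last_restore_test is not None
                  and now - c.last_restore_test <= restore_test_max_age]
        if not tested:
            reasons.append(f"no isolated copy test-restored in the last "
                           f"{restore_test_max_age.days} days")
        verdicts[name] = (not reasons, reasons)
    return verdicts


# Constructed catalog (hypothetical dataset names, dates chosen for the example).
NOW = datetime(2017, 5, 26, 9, 0)
CATALOG = [
    BackupCopy("ehr-db", datetime(2017, 5, 26, 1, 0), "online", None),
    BackupCopy("ehr-db", datetime(2017, 5, 25, 2, 0), "immutable", datetime(2017, 5, 10)),
    BackupCopy("pacs-images", datetime(2017, 5, 26, 3, 0), "online", datetime(2017, 5, 20)),
    BackupCopy("lab-results", datetime(2017, 5, 26, 2, 0), "offline", datetime(2017, 5, 20)),
]

if __name__ == "__main__":
    for dataset, (ok, reasons) in assess(CATALOG, NOW).items():
        print(dataset, "OK" if ok else "AT RISK", "; ".join(reasons))
```

Run against the constructed catalog, "lab-results" passes, "pacs-images" fails because its only copy is on a network-reachable share, and "ehr-db" fails because its isolated copy is 31 hours old against a 24-hour RPO even though it was restore-tested recently.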
A Human-centric Ransomware Defense Strategy
A layered defense strategy, as the name suggests, provides multiple methods of detection and mitigation and, in the case of information security, it involves both people and technology. A robust layered defense addresses the human element by combining repeated user education, on topics such as how to spot fake emails and malicious links, with email security protection in your IT setup. It also involves protecting the human point, the point of interaction between people and critical data and IP, on the Web, on mobile devices, and in the data center. Adding cloud-delivered web security and reinforcing that layer with next-generation firewalls protects employees and their data wherever they work or reside, closing the major avenues of attack.
Approaching Data Security with Confidence
While no one, not even the foremost cybersecurity experts, knows exactly what is coming next, you can approach the challenges of securing data with confidence. When you prepare your organization by knowing the threats you face and understanding how to make security an integral part of every interaction between people and the network, without making it a burden, you put your organization in the strongest position to weather the next headline-grabbing attack without becoming part of the story.
Interested in learning more about ransomware? You can watch a webcast hosted by Carl Leonard, Principal Security Analyst at Forcepoint, where he’ll discuss how ransomware propagates, whether you should pay the ransom and what’s next in the evolution of ransomware. Register here.