There have been a number of news stories recently which have highlighted the potential impact of ransomware. Being unable to admit patients, or worse, unable to provide critical care in a life and death situation, are the stuff of nightmares for health care providers. The changing landscape of health care due to COVID-19 has further disrupted the ability of health care organizations to mitigate the impacts of cyber threats. As more workers require remote access to hospital systems, more avenues of attack become available to hackers. It is now more important than ever to be aware of ransomware and broader cybersecurity threats.
What is ransomware?
The FBI defines ransomware as "a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return". Like many other viruses and malware, ransomware typically finds its way onto computers accidentally through unaware users installing or downloading it. In contrast to other computerized threats, ransomware is primarily used to extract payments from affected individuals directly.
How does it work?
Ransomware generally requires some action on the part of a computer user to begin its work. This is often achieved through phishing scams, or more targeted “spear phishing” emails that are used to trick users into downloading ransomware. Once the software is installed on a computer, it will lock the user out of the computer, encrypting the data on the drive so that it can’t be readily recovered. The more advanced and dangerous versions will also worm their way through attached network drives and other systems that the infected computer is able to access. Often, ransomware has the biggest impact on large, connected networks like those you would find in a modern hospital system.
More infamous ransomware, such as WannaCry in 2017 and Ryuk this year, have made headlines with their financial impacts. Other instances have more dire consequences, as in the case of Düsseldorf University Hospital. As a result of ransomware, a patient was unable to be admitted to the hospital. Instead, the patient had to be rerouted to another hospital farther away and died in transit. The hospital’s admission systems remained affected for more than a week.
How can health care organizations prepare & defend against ransomware?
(1) Keep operating systems and software updated. Install and use updated antivirus to perform regular scans
The vast majority of these attacks take advantage of vulnerabilities in software, many times for known problems that could have been mitigated or prevented by up-to-date software. As organizations decrease the number of insecure and outdated software systems running in their network, the likelihood of a successful ransomware attack decreases.
(2) Educate members of your organization about social engineering
Social engineering relies on subtle tactics, such as posing as a trusted source or creating a sense or urgency, to trick individuals into downloading malicious software or divulging sensitive information. Email phishing scams are a frequent vehicle for ransomware. By encouraging individuals to think critically before clicking unknown links, organizations are less vulnerable to ransomware.
(3) Perform frequent backups of critical systems and data and store them in another location
Ransomware’s biggest threat is preventing access to critical systems or data. By backing up and maintaining systems in another physical location and on another network, successful ransomware attacks will have less data and system access to ransom in the first place.
(4) Practice and plan for the possibility of a ransomware attack
Being prepared to restore access and data in the event of a ransomware attack is just as important as prevention. The financial impact of a day’s worth of lost business pales in comparison to a month of loss. When data can be easily recovered, there is little reason to pay the ransom for lost data.
If the organization suffers a successful attack, having a response and restoration plan can make a world of difference. Be sure to regularly test the efficacy of your plan to ensure the process stays current and succeeds in restoring the most critical systems.