The security threat matrix for the healthcare IT environment is evolving. Why? There are more users, a lot more data, and new technologies that are capable of carrying information over vast, widely distributed ecosystems. In fact, a recent Cisco Service Provider report shows that global IP traffic has increased fivefold over the past five years, and will increase threefold over the next five years. By the end of 2016, annual global IP traffic will pass the zettabyte (1000 exabytes) threshold, and will reach 2 zettabytes per year by 2019.
All of this has created new targets for the proverbial bad guys. Although modern healthcare security technologies have enhanced the way we conduct everyday business, these same technologies create new risks as they are deployed into the modern IT environment. The prognosis worsens when cutting-edge security technologies are deployed in an aging healthcare data center infrastructure. But let’s pause here and look at an actual use case and healthcare security scenario.
The Hollywood Presbyterian Medical Center Ransomware Incident
February 5, 2016, started out like any other day for the doctors, nurses, and other staff members at the Hollywood Presbyterian Medical Center in Los Angeles, California. But by the end of the day, many of them could no longer access or update patients’ medical records. Nor could they send or receive emails. When the hospital’s IT department investigated, it found that the computer systems were infected with ransomware.
The ransomware had encrypted the hospital’s files, paralyzing its computer systems. The hackers demanded 40 bitcoins (about $17,000) to get the decryption key. The hospital paid the ransom. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” explained president and CEO Allen Stefanek in a statement released by the hospital. After the hospital regained control of its computer systems on February 15, the IT staff, with the help of outside computer experts, removed the malware.
Not an Isolated Incident
The Hollywood Presbyterian Medical Center is not the only hospital to come under attack. Two hospitals in Germany also reported being ransomware victims. The Lukas Hospital in Neuss was attacked on February 10, 2016. Two days later, Klinikum Arnsberg was targeted. Although the ransomware had encrypted some files at each hospital, neither one paid the ransom.
While the Hollywood Presbyterian Medical Center, Lukas Hospital, and Klinikum Arnsberg reported their attacks, most organizations attempt to hide them, according to Bob Shaker, director of strategic operations for Symantec’s Cyber Readiness and Response group. He knows about hundreds of ransomware attacks in a variety of industries that have been kept secret.
Shaker and other security experts fear that the successful attack on the Hollywood Presbyterian Medical Center will encourage more organizations to pay the ransom if infected by ransomware. This, in turn, will lead to hackers launching even more attacks.
What You Can Do to Protect Your Business’s Computer Systems
Since more ransomware attacks are inevitable, you need to take measures to protect your business’s computer systems. Perhaps the most important measure is to back up your files and make sure they can be successfully restored. Although this will not prevent a ransomware attack, it will mitigate its effects. You will not have to pay the ransom to get your files back since you can restore them from the most recent backup.
Prevention is also important. To help prevent a ransomware attack, it is helpful to know the common ways of getting infected. They include:
- Visiting a malicious website or a legitimate website that has been hacked
- Opening a file or clicking a link in a phishing or spear phishing email
- Being infected with some other type of malware that, in turn, downloads the ransomware
Given these attack vectors, one way to help prevent ransomware is to use anti-malware software. It can help guard against known ransomware ploys and other kinds of malware threats.
Taking advantage of the popup blocker functionality in web browsers is another way to help guard against ransomware. Popups sometimes contain malware or lead to malicious websites. In addition, you need to educate employees about the importance of avoiding any websites marked as potential security threats by their web browsers or anti-malware software.
You also need to educate employees about how to spot phishing or spear phishing emails. Let them know what they should and should not do:
- They should not open any email attachments that are not expected. If the email is from someone they know, have them check with that person first before opening the attachment.
- They should not click any links embedded in emails sent from unknown sources. Even if they know the person who sent the email, have them check the link (hover their cursor over the link to see the address of the website) before clicking it.
Take Action Now or Pay Later
Ransomware is one of the biggest cyber threats in 2016, according to McAfee Labs and Trend Micro. To avoid becoming a victim, you need to take action now to protect your computer systems. Waiting could cost you money, hassle, and negative publicity. Contact us here at MTM to do an IT security assessment to reduce the risk of your data being held for ransom. We can also help you set up effective backup and restore operations.