August 7, 2023
Because ransomware has become a nightmare scenario for many healthcare organizations, threatening to bring hospital operations to a standstill and potentially endanger patient lives, IT executives have to make preventing it a mission-critical responsibility. This post outlines key technical best practices for preventing these cyberattacks.
Patch and Update Regularly
Outdated software and systems provide fertile ground for ransomware. Regular patching and updating of all systems, software, and applications is crucial in plugging potential security gaps. This includes both conventional IT infrastructure and the often-overlooked Internet of Things (IoT) devices used in patient care.
Implement Endpoint Detection and Response (EDR) Tools
Antivirus protection isn’t enough in today’s complex threat environment. Why not? Because traditional antivirus software is primarily designed to prevent, detect, and remove known malicious software (malware) based on a database of known virus definitions. The threat landscape has evolved to the point that most traditional antivirus software is inadequate: today’s cyberthreats are often unknown to conventional antivirus tools and are often designed to evade detection by them.
Modern EDR tools look at endpoints and their activities and then use machine learning and AI to analyze patterns and behaviors, making it possible to detect unknown and sophisticated threats. In doing so, EDR solutions provide a key layer of defense by quickly detecting and blocking ransomware attempts at the device level before issues can escalate. Ensure that all devices connected to your hospital’s network, from servers to mobile devices, are covered.
Practice Least Privilege Access
Limiting access to your system based on necessity significantly reduces ransomware vulnerability. Follow the principle of least privilege, which ensures users only have access to the data and systems they need to perform their jobs. Regularly review and adjust these privileges as roles change. In our experience, healthcare organizations do this far better for employees than for non-employees like contractors and physicians, and they do a better job with hires and terminations than with job changes. After implementing the review process, audit permissions every six months.
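The review described above can be run as a repeatable check. This is an added example, not Medsphere's tooling: it compares each account's granted groups with a baseline for its current role and flags leftover access after a job change, inactive non-employees that still hold access, and reviews older than six months. All account names, roles, groups and dates are constructed.

```python
from datetime import date, timedelta

REVIEW_INTERVAL = timedelta(days=183)  # the six-month audit cycle from the text

# Constructed sample data; every name, role and group here is hypothetical.
ROLE_BASELINE = {
    "nurse": {"ehr-read", "ehr-chart"},
    "billing": {"billing-app", "ehr-read"},
    "contract-radiologist": {"pacs-read"},
    "hvac-vendor": {"bms-console"},
}
ROSTER = [
    # (account, worker type, current role, active?, last access review)
    ("asmith", "employee", "billing", True, date(2023, 6, 1)),
    ("bjones", "employee", "nurse", True, date(2023, 5, 15)),
    ("dr.lee", "physician", "contract-radiologist", True, date(2022, 9, 1)),
    ("acme-hvac", "contractor", "hvac-vendor", False, date(2023, 4, 1)),
]
ENTITLEMENTS = {
    "asmith": {"billing-app", "ehr-read", "ehr-chart"},  # moved over from nursing
    "bjones": {"ehr-read", "ehr-chart"},
    "dr.lee": {"pacs-read"},
    "acme-hvac": {"bms-console"},
}

def review_access(roster, entitlements, baseline, today):
    """Return (account, issue, detail) findings for one review cycle."""
    findings = []
    for account, worker_type, role, active, last_review in roster:
        granted = entitlements.get(account, set())
        if not active:
            # Engagement ended but the account can still reach systems.
            if granted:
                findings.append((account, "inactive-with-access", sorted(granted)))
            continue
        # Anything beyond the current role's baseline is leftover privilege.
        excess = granted - baseline.get(role, set())
        if excess:
            findings.append((account, "exceeds-role-baseline", sorted(excess)))
        if today - last_review > REVIEW_INTERVAL:
            findings.append((account, "review-overdue", worker_type))
    return findings

if __name__ == "__main__":
    for finding in review_access(ROSTER, ENTITLEMENTS, ROLE_BASELINE, date(2023, 8, 7)):
        print(finding)
```

In practice the roster would come from HR and credentialing systems and the entitlements from a directory export; an account whose role has no baseline entry is reported with all of its groups as excess.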
Backup and Recovery Plans
Regular backups are vital to ensuring that, even in the worst-case scenario, you can restore your systems without paying a ransom. Make sure your backup strategy covers all essential data, and test your recovery processes regularly to confirm they work when needed. Backup provider Veeam states in its 2023 report on ransomware trends that 93 percent of ransomware attacks attempted to destroy backup data, making it essential for you to store backups separately from your network to protect them from being encrypted by ransomware. Note that many healthcare organizations greatly underestimate the time required to restore their entire system from a backup; it’s critical to test restoration time so you know what to expect in the event of an emergency.
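A restore drill covers both points above: whether the backup restores intact, and how long it takes. The following is an added example, not part of the original post. It restores a constructed sample archive into a scratch directory, verifies every file against hashes recorded at backup time, and extrapolates the measured throughput to the full dataset size. The file names, sizes and the linear extrapolation are assumptions.

```python
import hashlib, tarfile, tempfile, time
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def make_sample_backup(workdir):
    """Constructed stand-in for production data: two files, a manifest, a tar backup."""
    src = Path(workdir, "prod")
    src.mkdir()
    (src / "patients.db").write_bytes(b"A" * 200_000)
    (src / "orders.db").write_bytes(b"B" * 100_000)
    manifest = {p.name: sha256(p) for p in src.iterdir()}  # recorded at backup time
    archive = Path(workdir, "backup.tar.gz")
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(src.iterdir()):
            tar.add(p, arcname=p.name)
    return archive, manifest

def restore_drill(archive, manifest, scratch, full_dataset_bytes):
    """Restore into an empty scratch dir, verify hashes, extrapolate restore time."""
    start = time.perf_counter()
    with tarfile.open(archive, "r:gz") as tar:
        for member in tar:
            # Only plain files with flat names; never write outside scratch.
            if member.isfile() and Path(member.name).name == member.name:
                Path(scratch, member.name).write_bytes(tar.extractfile(member).read())
    elapsed = max(time.perf_counter() - start, 1e-9)
    failed, good_bytes = [], 0
    for name, expected in sorted(manifest.items()):
        target = Path(scratch, name)
        if target.is_file() and sha256(target) == expected:
            good_bytes += target.stat().st_size
        else:
            failed.append(name)  # missing or altered: this backup cannot be trusted
    rate = good_bytes / elapsed  # measured bytes per second on this hardware
    estimate = full_dataset_bytes / rate if rate else float("inf")
    return {"failed": failed, "verified_bytes": good_bytes, "est_full_restore_s": estimate}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as work, tempfile.TemporaryDirectory() as scratch:
        archive, manifest = make_sample_backup(work)
        print(restore_drill(archive, manifest, scratch, full_dataset_bytes=2 * 10**12))
```

The estimate only means something when the drill runs against a real backup on the hardware and network path that would be used in an actual recovery; the tiny sample here just exercises the logic.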
Regular Vulnerability Assessments
Vulnerability assessments and penetration testing help identify potential weaknesses in your systems before attackers do. Regular assessments give you a clear picture of where you stand and allow you to promptly address vulnerabilities. For Medsphere IT outsourcing clients, we do port scanning at least once a month and more invasive testing less frequently.
Incident Response Plan
Despite your best efforts, a ransomware attack may occur. Putting an incident response plan in place enables you to act quickly to contain and eradicate the threat, minimize downtime, and start the recovery process. Your plan should include defined roles and responsibilities, communication strategies, and steps for resuming normal operations.
Collaborate and Share Information
Sharing threat intelligence with other hospitals and health organizations builds a collective defense against ransomware. Participating in healthcare cybersecurity alliances helps you stay ahead of emerging threats and better equip your organization against them.
Ransomware prevention requires a multi-faceted approach that combines technology, processes, and people. By following these best practices, hospital IT executives can significantly reduce the likelihood and potential impact of a ransomware attack, ultimately safeguarding their institutions and the patients they serve. The responsibility is heavy, but the importance of a well-protected healthcare system cannot be overstated. Remember: in this mission, prevention is always better than the cure.
In every healthcare organization there is an underlying awareness of costs and a pervasive desire to keep them down, which is completely understandable. Remember, however, that the cost of preventing a ransomware attack is far less than the cost of responding to one, and the data suggests that assuming your facility will never get hit is a risky approach. Medsphere’s security experts have conducted hundreds of assessments for hospitals, physician practices, and healthcare vendors. We focus on your risks, help identify best practices, and can even assist with implementation if you need that expertise.
Contact us today to schedule your free assessment and take the first step towards securing your hospital’s IT infrastructure.