Ransomware is Rampant: Is Your Healthcare Business Safe?

Sep 23, 2021 at 10:20 pm by pj


While a host of protective measures can limit the risk, outsourcing to an expert third-party cybersecurity firm may be the safest option

 

By Eric Brackett 

 

With ransomware attacks on high-profile businesses like Colonial Pipeline and JBS Foods in the headlines, healthcare managers at organizations of all sizes are increasingly asking if they are vulnerable or even next.

According to the U.S. Cybersecurity & Infrastructure Security Agency (CISA), ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.  Malicious actors then demand ransom in exchange for decryption.  Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.

Although there are various measures that healthcare businesses can take to reduce the risk of becoming a ransomware victim – which can involve a loss of data and production for an indefinite period until it is resolved – managers shaken by the scope of the problem are increasingly turning to expert third-party cybersecurity firms for guidance and protection.

In the battle against ransomware, the challenge is that essentially any healthcare business with older PCs, networks, firewalls, or operating systems is vulnerable, particularly those that do not immediately update to the latest software to “patch” security issues.

 

Safeguarding Healthcare Businesses of All Sizes

While keeping the entire healthcare business’s IT infrastructure and software fully up to date is necessary, even one PC running an older, unsupported version of Windows can invite intrusion. 

So, the fight against ransomware begins with having a companywide process to ensure that all machines are patched with the latest security updates from Microsoft and other application vendors as soon as they are released.

Next, defending critical healthcare business processes from attack goes beyond simple anti-virus protection, which reacts solely to known threats and leaves operations vulnerable to as-yet-unidentified risks.

We recommend a new generation of advanced antivirus software that does not always depend on identifying known threats or ‘signatures.’  Instead, such software uses artificial intelligence to analyze which PC programs and processes are affected and as soon as malicious activity is detected, it stops it.

Email security is also of critical importance today because insufficient precaution in this area is perhaps the leading cause of companies getting ensnared in ransomware.

Statistically, most healthcare companies acquire ransomware when an employee receives a suspicious email that seems legitimate and clicks on an embedded link.  This starts the ransomware attack, which then spreads throughout the company network.

To protect against this hazard, we recommend that healthcare businesses use advanced email spam protection tools that offer significantly more defensive capability than earlier, more rudimentary options.

The advanced tools not only filter out all potentially malicious emails, but also stop users from going to dangerous website destinations by clicking on links that could start a ransomware attack.  The tools rewrite all the embedded link Uniform Resource Locators (URLs).  So, if a user clicks a URL in an email, instead of linking to a potentially dangerous website, they are redirected to a safe location or ‘sandbox.’  The URL is analyzed to determine if it is dangerous, and if it is safe the user is allowed to go to the original website destination.
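The rewrite-and-check flow described above, as an added sketch that is not from the article or from any vendor's product. The gateway address, signing key, the blocklist standing in for sandbox analysis, and the HMAC signature that keeps the gateway from redirecting forged links are all assumptions of this example.

```python
import hashlib
import hmac
import html
import re
from urllib.parse import parse_qs, quote, urlsplit

# Constructed values for this sketch: gateway address, signing key, blocklist.
GATEWAY = "https://linkcheck.example.org/click"
KEY = b"constructed-demo-key"
BLOCKED_HOSTS = {"invoice-portal.example.net"}  # stands in for sandbox verdicts
HREF = re.compile(r'href="(https?://[^"]+)"', re.IGNORECASE)

# Constructed sample message body with two links.
SAMPLE = (
    '<p>Statement ready: '
    '<a href="http://invoice-portal.example.net/view?id=7&amp;t=1">open</a> or '
    '<a href="https://intranet.example.com/help">help</a></p>'
)

def sign(url: str) -> str:
    """HMAC over the original URL so the gateway is not an open redirect."""
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_links(body: str) -> str:
    """Delivery time: point every http(s) link at the gateway."""
    def repl(match: re.Match) -> str:
        url = html.unescape(match.group(1))
        target = f"{GATEWAY}?u={quote(url, safe='')}&s={sign(url)}"
        return f'href="{html.escape(target)}"'
    return HREF.sub(repl, body)

def gateway_links(body: str) -> list[str]:
    """The URLs a mail client would request when each link is clicked."""
    return [html.unescape(u) for u in HREF.findall(body)]

def resolve_click(gateway_url: str) -> tuple[str, str]:
    """Click time: verify the signature, then apply the verdict."""
    query = parse_qs(urlsplit(gateway_url).query)
    url, sig = query.get("u", [""])[0], query.get("s", [""])[0]
    if not hmac.compare_digest(sig.encode(), sign(url).encode()):
        return "reject", url  # forged or altered link: never redirect
    host = (urlsplit(url).hostname or "").lower()
    return ("block" if host in BLOCKED_HOSTS else "allow"), url

if __name__ == "__main__":
    for link in gateway_links(rewrite_links(SAMPLE)):
        print(resolve_click(link))
```

Because the verdict is looked up when the link is clicked rather than when the message is delivered, a destination that turns malicious after delivery is still stopped.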

Since deceptive “phishing” emails designed to start a ransomware attack can appear so similar to authentic emails, we advise that all healthcare employees receive periodic security awareness training.  This not only teaches employees how to distinguish the latest potentially dangerous emails, but also sends safe, simulated phishing emails to test their responses on an as-needed basis.  Employees who fail the test can be given additional training, so they will not compromise the business when an actual phishing-email ransomware assault occurs.

If all these defenses fail and ransomware does infect and shut down a healthcare company’s IT network, a reliable backup system should be in place that can quickly restore all critical data.

If a business’s vital server data is encrypted by ransomware, a good backup solution allows the data to be restored from the backup.  However, some data will be lost depending on the frequency of backup.  Unless backups are virtually continuous, a day or even a week or more of current data could be lost.

Moreover, care must be taken as to how data is transferred and saved, so ransomware does not have access to storage sites connected to company networks.

While healthcare businesses can attempt to fight the growing scourge of ransomware in-house, most IT departments do not have the time, resources, or expertise available to deter the constantly evolving threat on a 24/7 basis.

As an alternative, an increasing number of healthcare businesses are cost-effectively protecting against ransomware by outsourcing to professional, third-party firms that remotely and continually provide layers of protection with a comprehensive, integrated IT approach. 

This strategy can continually deter and detect threats as well as resolve vulnerabilities.  Additionally, this eliminates the need to dedicate internal IT staff to these types of tasks.  It also minimizes potential loss and even liability if serious harm were to be caused by disrupted company services.

However, even outsourced IT solutions and services are at risk of ransomware attacks and so must be prepared with advanced monitoring and prevention tools.  For this reason, only carefully selected software tools and technical solutions should be utilized to ensure clients are always operating in a high-performance, reliable, and secure IT environment.   

Persistent threat monitoring and prevention tools can identify root causes of threats, reverse malicious attempts in the early stages, and prevent incidents from penetrating systems.  A 24/7 Security Operations Center can provide managed detection and response by continuously watching the environments and reacting rapidly to potential risks, ensuring ongoing protection with the most current security insights and guidance available.

With the menace of ransomware continuing to escalate, healthcare businesses of all sizes would be wise to examine options for deterring the threat before being victimized.

Eric Brackett is President of BTI Communications Group https://www.btigroup.com, a technology convergence provider that serves the food, logistics, healthcare and aerospace sectors.  The company acts as a single source provider of physical security, access control, network, and complex phone (VoIP) systems, down to installation of wiring and conduit.
