Tips For Preventing Ransomware Among U.S. Hospitals and Healthcare Providers

By Bill DeLisi, CEO and CTO, GOFBA, Inc.

Bill DeLisi

In October 2020 a joint advisory by the Cybersecurity and Infrastructure Security Agency, the Department of Health and Human Services and the FBI noted there is a “credible information of an increased and imminent cybercrime threat” affecting U.S. hospitals and healthcare providers. A main part of this threat features ransomware attacks, where hackers take control of data and systems to extract ransoms.

The alert detailed the actions of a Russian-speaking group called Ryuk and a type of trojan known as Trickbot. Even more alarming, many healthcare providers might already be infected with malware, with hackers waiting for an opportune time to launch an attack and cripple the organization’s operations.

To prevent successful ransomware attacks, hospital IT and management teams need to implement multi-pronged strategies focusing on training, technology solutions, and other best practices. See below for a few actionable tips to include in your plan.

Preventing Intrusions with Training

A fall 2020 phishing attack against the University of Missouri Health Center exposed data for more than 14,000 patients. The health center noted two employee email accounts were hacked, which led to data access to Social Security numbers, clinical information, and other patient-specific data. The breach underscores the threat of staff members as the most prevalent conduit for hackers. Preventing such instances takes diligent training that helps workers understand the various threats and how they should adjust their behaviors accordingly. This is critically important.

Hackers also attack healthcare providers to take advantage of overworked nurses, doctors, and other clinical staff. COVID-19 places enormous strain on these workers, and they may not make the best IT-related decisions when they’re functioning on limited sleep and enormous stress.

Preventing the “human element” that leads to ransomware attacks requires diligent training. Here are some key tips for employees:

Manage Remote Workers

The number of at-home healthcare workers is exploding due to COVID-19, as administrative and billing roles are easily handled through online platforms. And, with the rise in telemedicine, more practitioners are setting up HIPPA-compliant communications tools from home.

At-home employees are a new reality during COVID-19, but they pose unique risks. For example, these employees are much more likely to look at inappropriate websites containing pornography, which has content filled with malware, spyware and viruses. A Kaspersky study of 6,000 remote workers found more than fifty percent reported looking at adult content on their work devices, which exposes them to personal blackmail, opens a conduit to their employer’s IT infrastructure, and reduces their efficiency as productive employees.

Remote workers often engage in “Shadow IT” which means they make their own choices about various software and devices they use to conduct work. Using unapproved devices and services, such as an unsecured communication/messenger platform, not only exposes patient data to HIPPA violations, but it also exposes the IT infrastructure to hackers. Setting defined BYOD rules is an important addition to managing approved platforms, and keeping your network secure.

Prevent Intrusions

In addition to training, IT can implement other technical and behavioral guidelines to stop breaches and potential ransomware attacks. Ensure your IT group is using the latest firewalls and anti-malware solutions, and just as important, that these are continually updated. Consider using a “secure” search engine and communication platform, such as GOFBA, that greatly reduces the possibility of users reaching sites with suspected malware. A safe and secure communication platform is essential when healthcare staff are working from home.

Additional IT-side tips to reduce ransomware intrusions include:

Why are hospitals and other healthcare organizations consistently threatened with ransomware? Unfortunately, it’s because of the type of valuable data the hackers can steal, “lock” and hold hostage. A common type of ransomware involves a hacker encrypting files or hard drives, and the facility must pay to get the decrypting key. If the hospital does not follow sound backup and redundancy procedures, then they might face losing the data or paying the ransom. Also, and most important to the hacker, hospitals are more likely to pay because the information they hold relates to saving lives. They could also possess data about medical research such as treatment regimens for COVID-19, or other emergency response metrics.

Reducing the ransomware threat is truly a “life or death” situation for healthcare providers, one that requires a combination of training and technology. Having a plan, and incorporating strategies like these, will greatly decrease your chances of being attacked, and more importantly, save lives.


Write a Comment

Your email address will not be published. Required fields are marked *