Topic: 4 Steps Healthcare Providers Must Take to Defend Against Ransomware

Healthcare providers have a serious ransomware problem, and it’s getting worse.

In just the last several weeks we’ve seen everything from a ransomware attack that crippled a hospital in Germany, leading to a delay in patient care and ultimately a patient’s death; hundreds of healthcare facilities in the US and UK knocked out by a single ransomware package; and a federal government warning issued by the FBI, Department of Health and Human Services, and Cybersecurity and Infrastructure Security Agency highlighting the “increased and imminent” specter of ransomware threats lurking over hospitals and other healthcare providers.

How did we get here? In one sense, this has been a long time coming. Hospitals and health systems are, quite unfortunately, ripe for ransomware and other cyberattacks. Some of the factors most responsible for the rise in healthcare-targeted cyberattacks are due to the nature of the industry itself, like decentralized operations across hospitals and healthcare providers, and exponentially growing volumes of patient health information being captured and stored electronically (i.e. electronic health records) by health systems.

COVID-19 is also, in many ways, a culprit for these accelerating healthcare ransomware attacks. The sudden onset of the pandemic forced healthcare providers to very quickly set up emergency COVID-19 facilities, with little time to plan out robust IT security infrastructures to protect these facilities. On top of that, the practically overnight shift to telehealth and remote working meant scores of new security gaps were opened – and discovered by attackers – just as quickly.

This trend has moved in tandem alongside another disturbing one: a growing sophistication among ransomware groups. Instead of large-scale, brute force attacks, ransomware attackers have rapidly shifted to more focused, strategically planned and executed strikes – resulting in more precise attacks that are harder to detect and defend against. This is no assembly line, mass-produced product; this stuff is the craft beer of malware. And it’s the reason why resurgent ransomware gangs like Ryuk, which has been credited with one-third of all ransomware attacks occurring in the past year, have had such devastating success by targeting healthcare providers.

So how do they respond? Here are four key steps every healthcare provider needs to undertake to get ahead of their growing ransomware problem.

1. Identify your weak points.

Ransomware attackers move alarmingly quickly. If a target opens a phishing email attachment, it only takes a little over three hours for the cybercriminals to begin performing recon across the target’s network; within a day, they’ll have accessed a domain controller and begun deployment of their ransomware package. So knowing where your vulnerabilities are is critical. Servers with Remote Desktop Protocol (RDP) enabled, unpatched web servers, and a lack of multifactor authentication for logins are all common and key weak points that attackers will exploit.

Topic Discussed: 4 Steps Healthcare Providers Must Take to Defend Against Ransomware

Read Original Article