Ransomware – A Reminder for Healthcare Providers to Lock Down Their Environments


Ransomware attacks against healthcare providers aren't new.

In 2017, two crypto-malware infections affecting medical organizations made The State of Security's top list of ransomware attacks for the year. The first involved an unknown strain that targeted Arkansas Oral & Facial Surgery Center, an incident which affected X-ray images, documents, and patient data related to recent appointments. The second was the now-infamous outbreak of WannaCry, ransomware which affected 34% of National Health Service (NHS) trusts in England. (Most NHS trusts still have a "considerable amount" of work to do to prevent an attack along the same lines as WannaCry from occurring again, says the Department of Health.)

So, why are ransomware attackers targeting healthcare providers?

First, these targets are inclined to follow the example of Hollywood Presbyterian Medical Center and Hancock Health by paying the ransom if they lack data backups. Healthcare providers offer critical services that draw the line between life and death; as a result, digital attackers figure that hospitals and similar organizations are less likely to shrug off an affected server or spend weeks trying to recover their encrypted data.

Second, attackers can monetize healthcare records to an extent that far eclipses other sources of stolen data. As reported here, a stolen credit card can net someone 30 AUD (about 23 USD) on the dark web. That pales in comparison to medical records, which go for as much as $1,350.

With those factors in mind, ransomware attackers will likely continue to target healthcare providers in 2018. Some did just that in January 2018 when they singled out electronic health record (EHR) solutions provider Allscripts.
One Twitter user said the security event, which involved SamSam ransomware, "dramatically impacted patient care and disabled practices nationwide" because it limited medical professionals' ability to access patients' medical records and some e-prescribing systems.

Turning to Foundational Controls to Prevent a Ransomware Attack

When SamSam ransomware took down Allscripts' systems last month, it negatively impacted medical professionals' ability to provide appropriate patient care for more than a week. While this particular attack went after the vendor, an attack like SamSam could very well take a more localized approach of going after healthcare providers directly (find out how Tripwire can protect your EHR environment here).

The consequences of not being able to treat patients effectively should be a reminder for healthcare providers to ensure they have fundamental security controls in place to protect the integrity of their own environments.

Many healthcare organizations underestimate the threat of a ransomware attack, however. They think they have a strong security program by way of passing their audit. Unfortunately, this isn't the case.

Alignment to frameworks like CIS, PCI, NIST, and DISA can effectively decrease the likelihood of suffering from a cyberattack, but that depends on the extent to which these frameworks are implemented. Often, organizations can pass audits by achieving only specific parts of these frameworks, so they limit their focus to those few areas. However, measures considered out of scope for an audit could be the ones essential for preventing and detecting a cyberattack, for example, in the EHR environment.

Organizations that truly strive to implement CIS, PCI, NIST and DISA frameworks beyond just the purposes of passing an audit are much less likely to be compromised by attacks like SamSam.
Healthcare providers should look to implement the foundational security controls to prevent cyberattacks as best as possible and detect them when they inevitably do get through.

Below are two pieces of advice that healthcare organizations should follow to defend against ransomware and other digital threats using foundational controls.

Preventing Breaches by Hardening the Environment

Attackers will go after the easiest target: for example, a server left externally exposed to the internet. Misconfigurations, many of them easy to correct, have been the underlying reason for many successful breaches. Secure configuration management (SCM) is the control that ensures systems are set up correctly and securely. While one cannot completely eliminate one's attack surface, configuring systems properly greatly reduces the attack surface and ensures systems are not inadvertently left exposed to outside attackers.

Organizations with known vulnerabilities also make for an easy target. Organizations should have vulnerability management (VM) processes in place to understand what vulnerabilities exist within their environment, what risks they present, and if patching is required.

Detecting Intrusions with Continuous Monitoring and Alerts to Change

After the environment is hardened and the attack surface minimized, organizations will want to monitor their environments and be alerted to changes.

What's commonly known as file integrity monitoring (FIM) might be more accurately described today as "system integrity monitoring," a fundamental and foundational security control because it answers the key question: are systems still in a secure, trusted state, and if not, what changed?

Implementing FIM would show when new files are dropped into one's environment. In the case of SamSam, which has a known hash, a complete FIM solution would alert when this known bad file has been placed on the host so the security team can act quickly to keep it contained.
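The baseline-and-compare check described above, as an added example (not Tripwire's code and not part of the original article): it snapshots SHA-256 digests, reports added, modified and removed files, and escalates any file whose digest is on a known-bad list. The directory contents and the indicator are constructed for the demo; the hash is a placeholder, not a real SamSam hash.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:  # whole-file read keeps the demo short
                state[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state

def compare(baseline, current, known_bad):
    """Return sorted (severity, change, path) findings between two snapshots."""
    findings = []
    for path, digest in current.items():
        if path not in baseline:
            change = "added"
        elif baseline[path] != digest:
            change = "modified"
        else:
            change = "unchanged"
        if digest in known_bad:  # indicator match matters even if nothing changed
            findings.append(("CRITICAL", change, path))
        elif change != "unchanged":
            findings.append(("REVIEW", change, path))
    for path in baseline.keys() - current.keys():
        findings.append(("REVIEW", "removed", path))
    return sorted(findings)

def demo():
    """Constructed scenario: baseline a temp directory, change it, compare."""
    payload = b"constructed stand-in for a known-bad binary"
    known_bad = {hashlib.sha256(payload).hexdigest()}  # placeholder, not a real SamSam hash
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("app.conf", b"port=443\n")
        write("notes.txt", b"v1\n")
        baseline = snapshot(root)
        write("app.conf", b"port=3389\n")   # modified after baseline
        write("dropped.exe", payload)        # new file matching the indicator
        os.remove(os.path.join(root, "notes.txt"))
        return compare(baseline, snapshot(root), known_bad)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A change-only report would list all three findings at the same level; the severity column is the kind of added context the article says a change needs before a team can act on it.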
Ports and services can also be whitelisted and/or blacklisted to notify your security team of any established or listening ports that fall outside of the expected system integrity state.

Again, organizations won't want to stop at the bare minimum here. Some FIM solutions only show that a change occurred, not whether the change was bad or good, who did it, and whether it's introducing risk or non-compliance. Without a good FIM solution providing that additional context, users would not be able to easily recognize if a change might be SamSam or some other kind of malware-related activity.

Recognizing the Necessity of Security

With cyberattacks continuing to prove dangerous to healthcare providers and their patients, the industry needs to invest in building up its security posture, not just in passing audits. Security is an absolute necessity for ensuring patients get the essential health services they deserve.

For information on how Tripwire can help your healthcare provider implement foundational security controls, click here.
