There is a perplexing trend in which hackers have been attacking hospitals with ransomware that blocks the network, forcing the payment of large crypto-currency ransoms to regain control of the infected data files. The so-called Cryptolocker virus, and others like it, holds all of the information resources of a hospital for ransom.
Attacks arrive through emails or infected websites, where the simple act of clicking on a link installs the malicious software. The software then operates on the infected system with the same access privileges as the person whose account enabled the penetration.
Preventing unauthorized access is not a new concept to healthcare networks; HIPAA regulations require the secure handling of patient records and information, so any breaches trigger notifications to the government and patients, which creates an added burden during a crisis. Extending the same security practices to network access represents an additional burden on IT departments but not a change of paradigm.
Stopping The Hospital Ransomware Threat
When the attacks gain control of user accounts with sufficient privileges, they lock up the IT files and folders for the entire hospital network. Once a virus deploys, the only way to open the files is to purchase an extortionately priced decryption key. The following strategies are defenses with which healthcare IT departments can respond:
1. Block unwanted digital activity
Deliberately block connections that are not directly part of regular operations and serve no purpose to the network except to provide vulnerabilities; this includes limiting the system to trusted IPs and excluding such overt threats as encrypted dark-web connection attempts.
2. Restrict unnecessary file privileges
IT administrators should review and reduce access for those users who have more authority than required for the roles they play in the network.
3. Move to the cloud
The architecture of cloud-based computing makes it much more resistant to ransomware attacks; managers should explore how they can migrate applicable systems to the cloud to leverage the security capabilities of the leading cloud services providers.
4. Back up all files
The cloud also provides resources to back up all data activity with ease, even on the scale of large organizations like hospitals. If you have backups to replace ransomed files, you may have the inconvenience of a minimal loss of data and recovery time, but with no need to pay ransoms; you just reboot and start again.
5. Keep up-to-date on the state of the threat
The viruses are varied and evolving, changing as the criminals behind them discover new exploits and respond to countermeasures. Hospital IT departments need to monitor developments and adopt the latest solutions in network security and architecture. Finally, educate your users about the responsibilities and risks they face, and what they need to do to assist in mitigating the risk.
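Strategy 2 in practice, as an added example that is not part of the original article: because the malware runs with the privileges of the account that launched it, this Python script compares each account's effective write access with what its role needs and ranks the excess by the number of files exposed. All account, role and share names and all file counts are constructed sample data.

```python
"""Least-privilege audit: flag write access that a user's role does not need."""

# Constructed sample data; every role, account and share name is hypothetical.
ROLE_NEEDS_WRITE = {
    "nurse": {"ward-notes"},
    "billing": {"invoices"},
    "radiology": {"imaging"},
    "it-admin": {"ward-notes", "invoices", "imaging", "backups"},
}
USER_ROLE = {"asmith": "nurse", "bjones": "billing",
             "cdoe": "radiology", "root-ops": "it-admin"}
# Effective write permissions, e.g. exported from the file server (constructed).
EFFECTIVE_WRITE = {
    "asmith": {"ward-notes", "invoices", "imaging"},
    "bjones": {"invoices"},
    "cdoe": {"imaging", "backups"},
    "root-ops": {"ward-notes", "invoices", "imaging", "backups"},
}
SHARE_FILE_COUNT = {"ward-notes": 12000, "invoices": 48000,
                    "imaging": 250000, "backups": 900}


def audit(user_role, role_needs, effective, file_counts):
    """Return findings for over-privileged users, largest avoidable exposure first."""
    findings = []
    for user, shares in effective.items():
        role = user_role.get(user)
        needed = role_needs.get(role, set())  # unknown role: nothing is justified
        excess = shares - needed
        if not excess:
            continue
        findings.append({
            "user": user,
            "role": role,
            "excess_shares": sorted(excess),
            # Files this account could overwrite today if it ran malware.
            "files_at_risk_now": sum(file_counts.get(s, 0) for s in shares),
            # Files still writable once access is cut back to the role's needs.
            "files_at_risk_after_fix": sum(file_counts.get(s, 0) for s in shares & needed),
        })
    findings.sort(key=lambda f: f["files_at_risk_now"] - f["files_at_risk_after_fix"],
                  reverse=True)
    return findings


if __name__ == "__main__":
    for f in audit(USER_ROLE, ROLE_NEEDS_WRITE, EFFECTIVE_WRITE, SHARE_FILE_COUNT):
        print(f)
```

An account with no recorded role is treated as needing no write access, so orphaned or unclassified accounts surface in the findings rather than being skipped.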
Ransomware attacks pose a genuine threat to hospital IT systems. The most effective response is the one that leverages prevention and the latest capabilities of cloud computing to prevent entry by the malicious software. An intelligent response to this insidious threat is to mitigate the effects by backing up all of your files and preparing for recovery in advance of the event.