Mike Ratliff, AVP Security Engineering and Operations at Providence, writes about five steps healthcare delivery organizations should take to mitigate the risk of ransomware and extortion-based attacks.
Ransomware
Healthcare
Cyber Resilience

5 Things Hospitals Can Do to Mitigate Threats of Ransomware

Mike Ratliff
Sam Templeton
Aug 29, 2024

To paraphrase the famous saying, cybercriminals target healthcare because that is where the money is. With highly valued patient data in their care and real life-or-death consequences for disruptions to care delivery, hospitals are in the crosshairs for ransomware attacks. Unfortunately, as we have seen in multiple recent incidents, healthcare organizations often still have gaps in their cyber defenses.

Threat actors have been aggressively targeting healthcare with extortion-based cyberattacks. The Change Healthcare incident was particularly damaging because it demonstrated how a successful intrusion against the right entity in the healthcare ecosystem can ripple to thousands of healthcare delivery organizations.

Many lessons emerged from this incident and countless others impacting patient care. We’d like to reinforce a few standard best practices to mitigate this threat. At Providence we use the National Institute of Standards and Technology (NIST) Cybersecurity Framework to ensure a comprehensive approach and measure our maturity against key benchmarks. The framework has five components used to bucket and prioritize our work: Identify, Protect, Detect, Respond, and Recover. 

Specifically for ransomware, there are five critical steps every healthcare organization should take to help mitigate the risk of ransomware attacks:

  • Employee Training: The majority of successful cyberattacks begin with social engineering attacks that exploit the trust humans have in others in order to gain a foothold on enterprise networks or systems. By regularly training and educating employees, including through simulated phishing emails, healthcare organizations can have them function as the first line of defense against cyber threats.

  • Robust Endpoint Protection: Hackers move fast to exploit vulnerabilities, so healthcare must keep pace. That is why using the most updated antivirus software, firewalls, and intrusion detection systems is crucial. As an industry, we must also press our third-party vendors to ensure that the devices we use and the services we connect to are similarly protected and at current patching levels.

  • Account and Access Management: Old or simple passwords, lack of multi-factor authentication, dormant accounts, and unnecessary user administrative privileges create serious risks for unauthorized access to a healthcare organization’s network. Stringent access controls and regular account audits can significantly reduce the risk of hackers gaining access to your system and running amok. 

  • Network Segmentation: Similarly, healthcare organizations should divide their network into separate zones with strict access controls to isolate critical systems and sensitive data, limiting the reach of any potential ransomware infection.

  • Backup and Disaster Recovery Plans: Much like planning for a hurricane or other natural disaster impacting a healthcare organization’s ability to provide care, it is critical they also plan for how to be resilient in the face of a cyberattack. This should include at a minimum: regularly backing up data, having a reliable recovery plan, and working with the care delivery and operations teams to ensure employees can effectively use downtime procedures to minimize any disruption.

Just as important as each individual healthcare organization implementing these measures, we need to work together as an industry to ensure there are no weak links in our increasingly interconnected healthcare world. By making these cybersecurity fundamentals a consistent standard we can help each other reduce the risk of ransomware and help safeguard our patients against the ever-evolving landscape of cyber threats.

Mike Ratliff
AVP Security Engineering and Operations

Mike Ratliff is the AVP Security Engineering and Operations at Providence, one of the country's largest not-for-profit healthcare delivery organizations.

Sam Templeton
Director of Cybersecurity Communication, Awareness, and Education

Sam Templeton is Director of Cybersecurity Communication, Awareness, and Education for Providence, a national, Catholic, not-for-profit health system. Sam is responsible for driving a culture of information security for all 300,000 caregivers, ensuring effective change management for all cybersecurity initiatives, and managing communication during cybersecurity incidents.
