Four Key Steps for Healthcare Providers to Combat Ransomware

Dan Schiappa, Chief Product Officer, Sophos

Globally, ransomware attacks have been one of the biggest threats to cybersecurity, particularly in the healthcare sector. In fact, in November 2020 the United States FBI, Department of Health and Human Services, and Cybersecurity and Infrastructure Security Agency issued strong warnings of an ‘increased and imminent’ threat of ransomware attacks on hospitals and other healthcare providers.

This announcement followed a previous attack on Universal Health Services (UHS), one of the largest chains of healthcare facilities in the U.S., that knocked its systems offline. Patient care was still safely provided while UHS restored its computers, the fact that adversaries even targeted UHS and then succeeded at the attack is eye opening.

How did we get here? In one sense, this has been a long time coming. Hospitals and health systems are, quite unfortunately, ripe for ransomware and other cyberattacks. Some of the factors most responsible for the rise in healthcare-targeted cyberattacks are due to the nature of the industry itself, like decentralized operations across healthcare providers and exponentially growing volumes of patient health information being captured and stored electronically (i.e. electronic health records) by health systems.

COVID-19 is also, in many ways, a culprit for these accelerating healthcare ransomware attacks. The sudden onset of the pandemic forced healthcare providers to hurriedly set up emergency COVID-19 facilities, with little time to plan out robust IT security infrastructures to safeguard these facilities.

On top of that, the practically overnight shift to telehealth and remote working meant scores of new security gaps were opened and discovered by attackers at a fast rate.

This trend has moved in tandem alongside another disturbing one, that is, a growing sophistication among ransomware groups. Instead of large-scale and brute force attacks, ransomware attackers have rapidly shifted to more focused, strategically planned and executed strikes resulting in more precise attacks that are harder to detect and defend against. This is no assembly line, mass-produced product; this stuff is the craft beer of malware. And it’s the reason why resurgent ransomware gangs have been credited with one-third of all ransomware attacks occurring in the past year, have had such devastating success by targeting healthcare providers.

So how do they respond? Here are four key steps that every healthcare provider needs to undertake to get ahead of their growing ransomware problem.

•Identify your weak points
Ransomware attackers move alarmingly quick. If a target opens a phishing email attachment, it only takes a little over three hours for the cybercriminals to begin performing recon across the target’s network; within a day, they’ll have accessed a domain controller and begun deployment of their ransomware package. Therefore, knowing where your vulnerabilities are is critical. Servers with Remote Desktop Protocol (RDP) enabled, unpatched web servers and a lack of multifactor authentication for logins are all common and key weak points that attackers will exploit.

•IT hygiene + companywide awareness and education
The obvious next step once you’ve identified your weak points is to patch them. Don’t have two-factor authentication? Implement it. Security definitions out of date? Update them. RDP servers are enabled? Shut them down or put them behind a VPN. This is as much an awareness issue as an IT one. Anyone in the organization that sends an email, has a password, or uses a device to log onto a network that needs to know and practice basic IT hygiene, including creating stronger passwords and knowing how to spot spear-phishing emails. If they don’t know what that means, they need to be taught. The security of a hospital’s network is only as strong as its weakest password.

With ransomware, the clock is always ticking and every second counts. It’s not an unbeatable threat, but being able to tackle the ransomware problem means hospitals and health systems can’t waste any time on deploying a combination of robust security defenses and proactive, rapid response measures.

•Implement EDR with human-led threat hunting
Endpoint detection and response (EDR) shores up security defenses for every device linked to a network, while also providing crucial information on potential threats to response teams who track down and neutralize these issues. This goes hand-in-hand with the human touch of a threat hunting team, whose expertise at recognizing red flags, attack patterns and parsing the context of impending threats, empowers organizations to proactively go after the problem by ejecting ransomware packages from networks and neutralizing threats at their root cause, rather than sitting in a reactive position.

•Deploy lightning-fast incident response
Ransomware moves fast, so healthcare providers need to be able to move faster. Sophos Rapid Response does exactly that. A first-of-its-kind offering that accelerates hospitals’ and health systems’ ability to identify, neutralize, and expel cybercriminals from their networks. The speed of your response is critical; it’s the difference between an executed or thwarted ransomware deployment – and potentially of life or death for patients.

With ransomware, the clock is always ticking and every second counts. It’s not an unbeatable threat, but being able to tackle the ransomware problem means hospitals and health systems can’t waste any time on deploying a combination of robust security defenses and proactive, rapid response measures.

Dan Schiappa is chief product officer at next-generation cybersecurity leader Sophos. He’s a transformational and strategic leader who orchestrates the company’s technical strategy, playing an instrumental role in architecting technologies; overseeing product management and research and development; and ensuring product quality. With a passion for education and inspiring the next generation of cyber talent, Dan also serves as chair of the University of Central Florida’s Dean’s Advisory Board, where he oversees various aspects of the school’s elite cybersecurity program.

Current Issue
MicroStrategy: Growth Isn't Sustainable Without Democratization Of Information Within The Enterprise & It Needs To Be Complemented With Seamless Information Consumption