It wasn’t retail.
It wasn’t government.
It wasn’t even finance.
It’s healthcare. Unfortunately, this trend is expected to continue this year and throughout 2017 as well. Why? Because electronic healthcare records are twenty times more valuable on the black market than other sensitive data, including credit card information.
Cyber security is a major concern within the healthcare industry and if you’re looking to become a trusted advisor for healthcare organizations, there’s one specific attack that’s doing a sizable amount of damage.
It’s called ransomware and – depending on the size of the targeted company, which data or systems are affected and whether or not backups are available – it can cost a healthcare organization between $700,000 and $1.5 million. Not only is it a financial burden, but ransomware can damage a company’s reputation, or worse - it can interfere with patient care by preventing caregivers access to life-saving medical information.
Let’s discuss the different types of ransomware, how to identify it once it’s infected a system and actions you can recommend to your customers to prevent an attack before it happens. Be sure to subscribe to Avnet Advantage to be one of the first to see next week’s follow-up article, brought to you by VERITAS™, which will include a 10-step checklist on how to help a company that’s become infected.
What is ransomware?
If you’ve ever used a computer that has pop-up ads or redirects websites to others, you already have an idea of what ransomware can act like. Frankly, it’s obnoxious!
Ransomware works similarly. It can infect a computer just from a user doing something like clicking the wrong link or downloading the wrong attachment. Once it’s infected a system, the ransomware can hold data or systems hostage and then demand payment from the victim in order to regain access.
88% of ransomware attacks target hospitals. Consider an employee in a hospital clinic using a shared system to access data for a patient’s care. He or she goes to the workstation but sees a pop-up notification. It might pose as an alert from the hospital, stating the employee broke the law and must pay a fine in order to regain access. Remember though, this is a shared station, something many hospitals utilize with employees. If one station is shared by more than 30 or 40 people, it only takes one person to click the wrong thing for everyone to be affected. In this scenario, now all of the employees that share that workstation can’t do their jobs.
There are two types of ransomware:
- Locker: Locker ransomware locks access to all systems. This means users can’t perform any actions on the infected computer besides look at the pop-up screen notification containing the ransom note. All data and systems have been locked and users have to pay to regain access to the system.
- Crypto: Currently the more common form of ransomware, crypto ransomware targets certain data systems and files then encrypts them. It leaves ransom notes throughout the system demanding payment for the key that will decrypt or unlock the needed files.
Because ransomware prevents users from having complete access to their systems, it may in fact be a distraction for more devious actions, like stealing sensitive data. Even if payment is received, many times the hackers won’t restore systems right away. They may even try and extort more money if they know the victim is willing to pay.
You can see how ransomware can be both frustrating and dangerous. Now let’s take a look at prevention best practices.
Preventing ransomware with people, process and technology
The best way to fight ransomware is to utilize a holistic plan – people, process and technology – to prevent attacks before they happen.
People – Remember how ransomware gains access to a system – by actions involving emails, suspicious downloads or clicks, USB drives, etc. It’s critical to train all employees, not just IT or security employees, to be suspicious of unsolicited attachments and exercise caution online. Continuous user education for these common threats enforces a culture of security among employees – but that’s just one way to secure an organization.
Process – Security cannot be a one-time thing. It’s not enough to perform an assessment or scan and then call it a day. By implementing an accountable, consistent security policy and processes, healthcare organizations can improve their defenses against ransomware.
Technology – Healthcare organizations should utilize multiple layers of technology to fight ransomware attacks. This includes:
- IT security solutions - to protect the perimeter
- Information governance - to identify and protect the company’s most critical data with backups and recovery options. This can help control the amount of damage done in the event of an attack.
- Business continuity and disaster recovery solutions - because of the Affordable Care Act (ACA), healthcare companies must make records available to patients and other hospitals. They need to be able to recover quickly in the event of an attack as well as protect and preserve all sensitive data from cyber criminals.
All three of these things – people, process and technology – must also undergo routine, mandatory testing to be sure systems and plans function as designed and employees are up-to-date on education and training.
Become a healthcare trusted advisor
Healthcare organizations are concerned about ransomware and will need a partner to help them figure out a winning security policy, select the appropriate technology and solutions, implement and test a disaster recovery plan and more. Are you ready to be their trusted advisor?
Resources are available to you from Avnet and Veritas on Avnet’s Knowledge Network – a sales training and enablement portal for partners – including on-demand e-learning healthcare industry sales training and security sales training.
Avnet also offers the Healthpath University, a full-day, instructor-led and healthcare-driven workshop with training topics that include key stakeholder, pain point and challenge identification, as well as what solutions companies look to purchase and much more. Contact your Avnet representative for more information.