<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=522217871302542&amp;ev=PageView&amp;noscript=1">

10 steps to fight ransomware AFTER it’s infected healthcare systems

Posted by Rick Bryant on Oct 12, 2016 1:01:43 PM

it security ransomwareMore and more, hackers are turning their attention from banks and financial institutions to healthcare organizations. Why? Because they see healthcare companies as low-hanging fruit.

Not only is it relatively easy to infiltrate IT systems, by hacking medical devices, targeting new or uneducated employees and/or from general weak security systems – but also the information being protected is extremely lucrative to criminals.

Cybersecurity is a big concern for your healthcare customers. If hackers get their hands on Protected Healthcare or employee information, they can commit identify fraud. If they access procurement systems, they can redirect payments or steal narcotics. Even if they can’t access sensitive information, hackers can still make a profit by blocking access for healthcare employees using ransomware.

Ransomware is malware that infects a system via a computer or endpoint and locks out critical information, websites, applications, etc. In order to disarm the ransomware and regain access to data or applications, affected healthcare companies have to pay the hackers.

There are ways to help your customers prevent ransomware. You can read more about that in this prevention blog by Avnet partner VERITAS™. But, what happens if your customers are already infected?

10 steps to tackle ransomware after it’s infected systems

1)    Perform a Breach Assessment as directed under HIPAA Omnibus and confirm you’re dealing with ransomware

This is an easy step because unlike many worms or malware, ransomware is loud and in-your-face. If users have popups threatening to delete data or withhold it unless they pay money, chances are you’re dealing with ransomware.

2)     Don’t pay the ransom!!

Paying the ransom only condones the actions of the attacker. Even if they do get paid, they might not even restore systems like they said they would. After all, they are criminals. Taking the right steps can help a company recover data without gambling on the hackers’ goodwill.

3)     Isolate the infected endpoint(s) from the network

Many times hackers will target a single endpoint and lock that device up until the employee or company pays the ransom. Once you know an endpoint has been infected, immediately disconnect it from the network, if possible, to prevent hackers from using the infected endpoint as an open door to access other systems, data or applications.

4)     Bring in your IT solutions provider to help

If you don’t already have a trusted IT advisor, look for a company with capabilities not just in IT security but also in cloud and application deployment and recovery. You’ll need it all to quickly restore systems and help prevent future attacks.

5)     Use backups to recover data and applications quickly, based on priority

If an IT system gets infected and the healthcare organization has a recent backup of data and applications, use that to restore systems before it has a serious effect on operations or worse: patient care. Having a plan in place can mean the ability to wipe compromised applications or data and then recover it quickly on the system using other servers or the cloud.

6)     Check all applications and files for possible infiltration and exfiltration

It may be that the hackers have frozen systems to exploit healthcare companies into paying them in order to regain access, but if they are able to steal data, they will. Have IT security professionals scan and evaluate your entire system for vulnerabilities and breaches.

7)     Don’t assume it’s over

Once a hacker has realized that any one company is vulnerable, it’s likely they’ll continue to look for a way in even after one or more ransomware attacks have been thwarted. Stay alert! Many hackers are now using ransomware as a distraction technique to pull attention away from critical patient care systems.

8)     Increase security and backups

Just because a healthcare organization has identified and secured one weakness in its perimeter doesn’t mean the entire perimeter is safe – and the hacker knows it! Take action as quickly as possible to set up backups (or increase their frequency) and use tools or software to improve security.

9)     Pay close attention to nearby companies

Because many healthcare organizations use the same or similar systems, it’s likely that if one company is attacked, so will other companies in the geographical area. Keep track of similar and nearby companies to possibly learn more about the hackers’ intentions and strategies to help stay one step ahead.

10)  Help launch or increase employee security training and education

Hackers only need one person clicking on one link to gain access to an entire system. It’s so important to encourage education of the healthcare company’s entire staff, not just IT or security employees, and empower everyone to be vigilant and cautious when it comes to downloading unfamiliar attachments, clicking unverified links, using shadow IT or other risky behavior.

Help your healthcare customers stand their ground against ransomware

Ransomware can be a major frustration and distraction for any organization but these days, many hackers are focusing their attention on healthcare. By improving security systems and putting processes in place to not only prevent ransomware but also recover quickly and easily without giving the hackers what they want, healthcare organizations can stop being considered low-hanging fruit.

If you service healthcare organizations, ransomware is a real concern for your customers. Whether or not they have been a victim of ransomware, they will be extremely motivated to fight hackers and keep their data, company and patients safe. Partnering with an IT solutions provider can ensure that you are delivering a solution to your customers that provides security and peace of mind.

To learn more about ransomware and how it affects the healthcare industry, we invite you to watch Avnet’s latest Driving Solutions webinar, sponsored by VERITAS™, Prevent your Healthcare Customers’ Data from Being Held for Ransom. Click here to watch the webinar on-demand.

Tags: Security, Cybersecurity, Ransomware, Cyber Security, Data, Data Backup, Hacking, Healthcare, Healthcare IT, IT Security, Technologies, Veritas, Security Services