Ransomware dominated the healthcare industry in 2017, with six of the top ten breaches reported to the U.S. Department of Health and Human Services a direct result of the malicious software. An article on Security Current looks at some ransomware attacks from 2017 as well as steps you can take to help avoid becoming a victim.
What is ransomware?
In a ransomware attack, access to your computer systems or files are blocked by the attacker using encryption. These important files are kept locked and held for ransom until the victim pays the requested ransom, at which time the attacker may or may not give the victim the encryption key to recover their data. Even if the individual or organization recovers their data in a ransomware attack, there is no guarantee that the cybercriminal did not steal their data prior to encrypting it.
Why is the healthcare industry a target for cybercriminals?
It is safe to say that the healthcare industry has become a prime target for cybercriminals, but why? One reason may be that organizations holding health data tend to lack a mature security posture compared to other industries, such as finance. Another reason cybercriminals target the healthcare industry is simply due to the value of medical records, which are often more valuable than transient data such as credit card numbers.
In addition, medical facilities rely on access to their patient data around the clock as part of their everyday workflow. When access to critical data is unavailable, patient lives can be at stake, so restoring data in a medical facility is vital following an attack.
Ransomware in 2017
Airway Oxygen, Inc. knows firsthand the trouble that ransomware can cause. In 2017, the organization fell victim to a ransomware attack that affected 500,000 individuals when their technical infrastructure was compromised by unidentified cybercriminals. Purity Cylinder and Airway Oxygen, two affiliated companies were denied access to their data as a result of the attack. PHI involved in the breach include payment information for their customers, names, addresses, phone numbers, dates of birth, diagnosis’, health insurance information and the type of service the individual was receiving.
Another notable ransomware attack in 2017 occurred on Urology Austin, affecting 279,663 individuals. In this attack, data stored on the organization’s servers was encrypted, with the investigation indicating compromised PHI may have included names, addresses, dates of birth, social security numbers and medical information.
How can you minimize the likelihood and impact of a malware/ransomware breach?
- Keep anti-virus and anti-malware installed and up to date across systems
- Keep systems patched and current
- Backup your data off your network as frequently as possible and periodically test your backup process to ensure you can recover all data using backups
- Utilize Group Policy Objects (GPO) restrictions
- Restrict administrative rights across all systems
- Utilize a Secure Internet Gateway on and off the network
- Block users from installing anything on their own
- Utilize a Data Loss Prevention solution and actively monitor it
- Utilize Endpoint Protection and actively monitor it
- Invest in your Information Security program
- Establish routine security awareness training and campaigns
With ransomware growing rapidly, it is important to take the proper steps to ensure your organization does not fall victim and become another statistic.