Today’s headlines might lead you to believe that ransomware is a recent invention. Would you be shocked to learn that it’s almost 30 years old? Back in 1989, AIDS researcher Dr. Joseph Popp used a bit of social engineering to trick his colleagues into using infected floppy disks masquerading as a questionnaire to measure an individual’s risk of contracting AIDS. Imagine: 20,000 floppy disks were sent out to research colleagues in 90 countries. Little did these researchers realize that Popp had infected the disks with malware known as the “AIDS Trojan.” Interestingly, the Trojan lay dormant until the computer had been booted 90 times, at which point it displayed a ransom note demanding between $189 and $378.
Back then, the damage was limited because organizations did not depend as heavily on computing and systems were not as interconnected as they are today. Companies had little choice but to hope that their backups were solid and that their antivirus software could detect and remove the infection. When kept up to date and properly maintained, those tools might well have been able to detect and quarantine the malware.
Unfortunately, there is still no single antidote to ransomware. Isolating affected equipment from the network stops it from spreading, but even an air gap is not absolute: malware has crossed air gaps on removable media (the AIDS Trojan itself arrived on floppy disks). Paying the ransom is not a good option either. It does not guarantee a working decryption key, and it does not stop you from falling victim again to the same threat actor, who may have planted additional malware or retained access during the initial attack.
Five Key Healthcare Data Security Strategies
These days, ransomware attackers aren’t so patient — they are eager to get in, get paid and get out. Similarly, security defense and response strategies should not be stuck in 1989 — especially for healthcare institutions that handle sensitive patient data. By applying basic, effective practices, these institutions can better secure healthcare data and reduce their risk of exposure.
Many organizations start with a cybersecurity risk assessment of essential practices against standards such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework to evaluate their current maturity, identify gaps and put structured programs in place to reduce risk accordingly. It is crucial to create repeatable, sustainable practices with accountability, and to measure and report your progress along the way.
Below are five key areas to consider that could have a measurable impact on your efforts to secure healthcare data.
1. Back Up Your Data to Get Back Up Quickly
It’s fitting that a good ‘backup’ can help your business get ‘back up’ and running quickly. Develop effective backup techniques and processes, keep at least one copy offline or otherwise isolated (on media or storage that an infected host cannot write to) so the backups cannot be encrypted along with the data, and test restores regularly; a backup you have never restored from is an assumption, not a control. Consider using additional tools to protect your vital information. This requires knowing which data is most critical, its value and its risk level, and monitoring activity across the network, endpoints and servers to detect and block unusual activity. For example, a sudden burst of writes or renames across a file share from a single account, especially when files are changing extension, is a strong indication that ransomware encryption is in progress.
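The detection heuristic above, worked through as an added example (this is not code from the original article). It scores file-share audit events per user and client address over a sliding one-minute window and raises an alert on a write burst, a run of extension-changing renames, or renames to an extension known to be used by ransomware. The audit line format, the thresholds, the extension list and the sample events are all constructed for the example; a real feed (Windows object-access events, NAS audit logs, EDR telemetry) needs its own parser in place of `parse_event()`.

```python
"""Flag ransomware-style write/rename bursts in file-share audit events.

Added example, not code from the original article. The input is a constructed
audit line "<unix_ts>,<user>,<client_ip>,<op>,<path>[,<new_path>]"; real sources
have their own formats and need their own parser in place of parse_event().
Thresholds and the extension list are assumptions to tune per environment.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

WINDOW_SECONDS = 60      # sliding window per (user, client) pair
WRITE_THRESHOLD = 100    # writes/deletes per window that no human workflow produces
RENAME_THRESHOLD = 20    # extension-changing renames per window
SUSPECT_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".enc"}  # assumed list


@dataclass(frozen=True)
class Event:
    ts: int
    user: str
    client: str
    op: str                          # "read", "write", "delete" or "rename"
    path: str
    new_path: Optional[str] = None   # only present for "rename"


def parse_event(line: str) -> Event:
    fields = line.strip().split(",")
    ts, user, client, op, path = fields[:5]
    new_path = fields[5] if len(fields) > 5 else None
    return Event(int(ts), user, client, op, path, new_path)


def _ext(path: str) -> str:
    dot = path.rfind(".")
    return path[dot:].lower() if dot != -1 else ""


def max_in_window(timestamps):
    """Largest number of sorted timestamps inside any WINDOW_SECONDS span."""
    best = start = 0
    for end, t in enumerate(timestamps):
        while t - timestamps[start] > WINDOW_SECONDS:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_bursts(lines):
    """Return one alert per (user, client) whose activity crossed a threshold."""
    events = sorted((parse_event(line) for line in lines), key=lambda e: e.ts)
    by_actor = defaultdict(list)
    for e in events:
        by_actor[(e.user, e.client)].append(e)

    alerts = []
    for (user, client), evs in by_actor.items():
        writes = [e.ts for e in evs if e.op in ("write", "delete")]
        renames = [e.ts for e in evs
                   if e.op == "rename" and e.new_path and _ext(e.new_path) != _ext(e.path)]
        suspect = [e.new_path for e in evs
                   if e.op == "rename" and e.new_path and _ext(e.new_path) in SUSPECT_EXTENSIONS]
        reasons = []
        if max_in_window(writes) >= WRITE_THRESHOLD:
            reasons.append("write burst")
        if max_in_window(renames) >= RENAME_THRESHOLD:
            reasons.append("extension-changing renames")
        if suspect:
            reasons.append("known ransomware extension")
        if reasons:
            alerts.append({"user": user, "client": client, "reasons": reasons,
                           "sample": suspect[:3]})
    return alerts


def build_sample_log():
    """Constructed audit lines: one clinician working normally, then a
    compromised service account rewriting and renaming 120 files in 30 seconds."""
    base = 1_700_000_000
    lines = [f"{base + i * 120},nurse.jdoe,10.20.1.15,write,/share/ward/notes{i}.docx"
             for i in range(5)]
    for i in range(120):
        ts = base + 300 + i // 4
        path = f"/share/records/patient{i}.pdf"
        lines.append(f"{ts},svc-backup,10.20.5.77,write,{path}")
        lines.append(f"{ts},svc-backup,10.20.5.77,rename,{path},{path}.locked")
    return lines


if __name__ == "__main__":
    for alert in detect_bursts(build_sample_log()):
        print(alert)
```

Grouping by user and client address matters: the same service account writing from two hosts at once is itself suspicious, and a single noisy backup job should be whitelisted by host rather than by raising the global thresholds. The alert is the trigger for an automated response (disable the account, block the client at the file server) before the share is fully encrypted.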
2. Patches Aren’t Just for Jeans
Learn to love patching. Develop automated patch management programs for all practical areas of your infrastructure, from networks, endpoints and servers to applications, databases and, yes, even medical devices, sensors and monitors, since many of them can be patched once the manufacturer releases a validated update.
When WannaCry hit last year, we found that the clients who had good patching hygiene were not affected; the Microsoft fix for the SMB flaw it exploited had been available for two months before the outbreak. For healthcare, patient safety and quality of care can be directly tied to device security. A cyberattack can affect the operation, configuration and safety of a device itself and can put lives at risk. Look for solutions that manage the full life cycle of endpoints, deploy patches as soon as a fix is available for a vulnerability in any device, use automation to reduce patch cycle times and apply compensating controls (isolation, restricted access) to devices that cannot be patched promptly.
3. Use Effective Network Segmentation
Network segmentation means splitting a computer network into subnetworks (zones) with enforced controls between them, so that an attacker who compromises one zone is confined to it and cannot move laterally into more critical areas. Effective segmentation also controls visitor access to protected data and creates an environment where staff members can reach only the data they need to do their jobs.
Another option is to narrow down the number of open ports, since attackers routinely scan for and exploit these to gain entry. To give you an idea how pervasive this issue is, I once scanned a large provider’s multiple data centers to find no less than 750,000 open ports — that’s a lot of open doors! For especially sensitive systems such as electronic medical records (EMRs), that could mean closing ports 22 and 23 (SSH and Telnet, both commonly used for remote administration) to everything except a dedicated management network, disabling Telnet outright since it sends credentials in the clear, and limiting access from critical mobile devices, such as nursing tablets, by restricting them so that they only function on a designated Wi-Fi network (often called geofencing).
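One way to turn the zone and open-port guidance above into a repeatable check, as an added example that is not code from the original article: scan each zone from a host inside it, then compare every open port found against a default-deny zone-to-zone policy. The zone addressing, the policy table and the scan findings below are all constructed for the example; in practice the findings would come from parsed scanner output, one run per source zone.

```python
"""Check port-scan findings against a default-deny zone-to-zone access policy.

Added example, not from the article. Zones, addresses, policy and findings are
constructed for illustration; feed real scan results (one scan run from a host
in each source zone) into check_findings().
"""
import ipaddress

# Network zones, keyed by name (constructed addressing).
ZONES = {
    "guest":      ipaddress.ip_network("192.168.100.0/24"),
    "clinical":   ipaddress.ip_network("10.20.0.0/16"),
    "management": ipaddress.ip_network("10.99.0.0/24"),
    "emr":        ipaddress.ip_network("10.50.0.0/24"),
}

# Allowed (source zone, destination port) pairs per destination zone.
# Anything not listed is a violation (default deny); Telnet (23) is never allowed.
POLICY = {
    "emr":        {("clinical", 443), ("management", 22), ("management", 443)},
    "clinical":   {("clinical", 445), ("management", 22), ("management", 3389)},
    "management": {("management", 22)},
    "guest":      set(),   # guest Wi-Fi gets internet only; nothing inside is reachable from it
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def check_findings(findings):
    """findings: iterable of (source_zone, target_ip, open_port).
    Returns a list of violation dicts; an empty list means the scan matched policy."""
    violations = []
    for src_zone, target_ip, port in findings:
        dst_zone = zone_of(target_ip)
        allowed = POLICY.get(dst_zone, set())
        if port == 23:
            reason = "telnet exposed"
        elif (src_zone, port) in allowed:
            continue
        elif dst_zone == "unknown":
            reason = "host outside every defined zone (inventory gap)"
        else:
            reason = f"{src_zone} -> {dst_zone}:{port} not in policy"
        violations.append({"src": src_zone, "target": target_ip, "port": port, "reason": reason})
    return violations


# Constructed findings: what a scan from each zone reported as open.
SAMPLE_FINDINGS = [
    ("clinical", "10.50.0.12", 443),   # EMR web front end, allowed
    ("guest", "10.50.0.12", 22),       # SSH on an EMR server reachable from guest Wi-Fi
    ("clinical", "10.50.0.20", 23),    # Telnet on an EMR database host
    ("management", "10.50.0.12", 22),  # admin SSH from the management network, allowed
    ("clinical", "10.20.4.8", 445),    # workstation to departmental file share, allowed
    ("guest", "172.16.9.3", 80),       # host in no zone map: nobody owns it
]

if __name__ == "__main__":
    for v in check_findings(SAMPLE_FINDINGS):
        print(f"{v['src']:>10} -> {v['target']}:{v['port']}  {v['reason']}")
```

Running the check from inside each zone, rather than only from the management network, is what exposes the guest-to-EMR path; a scan from the admin segment would have reported the same SSH port as perfectly normal. The "unknown" case is worth keeping as a violation: a host that belongs to no zone is usually a device nobody is patching either.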
4. Make a List and Check It Twice
Find out if your applications are naughty or nice — and whitelist those that fall into the latter category. Whitelisting apps means specifying a list of software applications that are permitted to be present and run on your systems, and denying everything else by default. By only running approved programs, you prevent an unapproved binary, including a ransomware dropper or payload, from executing at all.
As more healthcare professionals use tablets and phones to manage and treat patients, it is important to establish a mobile device management (MDM) policy that addresses applications that don’t meet your requirements. Although this might seem almost impossible, the best approach is to start small and build your whitelist gradually by engaging experts and using automation software, such as application profiling solutions. The same holds true for cloud applications: You need to gain visibility into which cloud apps are in use, assess their risks, whitelist vetted applications and provide access through a single identity provider so that access can be granted and revoked in one place.
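What "default deny" looks like when a whitelist is evaluated, as an added example (not code from the original article or any particular whitelisting product). A binary is allowed if it is signed by a trusted publisher or its SHA-256 matches a vetted hash; the file path is deliberately not a criterion, because a user-writable path such as a downloads folder would turn a path rule into an allow-all. Publisher names, file contents and paths are constructed; a real deployment takes the signer identity from the operating system’s code-signing verification and hashes the actual binaries.

```python
"""Evaluate an application whitelist with default deny.

Added example, not from the article. Publisher names, file contents and paths
are constructed; a real deployment gets the signer from OS code-signing
verification and hashes the real binaries.
"""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Executable:
    path: str
    content: bytes
    signer: str = ""          # verified publisher name, "" if unsigned

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


@dataclass
class Allowlist:
    publishers: set = field(default_factory=set)   # trusted signer names
    hashes: set = field(default_factory=set)        # SHA-256 of vetted unsigned binaries

    def add_hash_of(self, exe: Executable) -> None:
        """Pin a reviewed binary by hash: any later change to it is a new, unvetted file."""
        self.hashes.add(exe.sha256)

    def decide(self, exe: Executable):
        """Returns (allowed, reason). Path is intentionally ignored."""
        if exe.signer and exe.signer in self.publishers:
            return True, f"signed by trusted publisher {exe.signer}"
        if exe.sha256 in self.hashes:
            return True, "hash matches vetted binary"
        return False, "default deny: not signed by a trusted publisher and hash not vetted"


def build_samples():
    """Constructed allowlist and a set of executables to evaluate against it."""
    al = Allowlist(publishers={"Example Health Software, Inc."})
    legacy = Executable(r"C:\Apps\legacy\labreport.exe", b"legacy lab report tool v3")
    al.add_hash_of(legacy)   # unsigned legacy tool, reviewed once and pinned by hash
    samples = [
        Executable(r"C:\Program Files\EHR\ehr.exe", b"ehr client",
                   signer="Example Health Software, Inc."),        # trusted publisher
        legacy,                                                    # vetted hash
        Executable(r"C:\Users\jdoe\Downloads\update.exe", b"drop and run"),   # unsigned dropper
        Executable(r"C:\Apps\legacy\labreport.exe",
                   b"legacy lab report tool v3!"),                 # tampered copy, same path
        Executable(r"C:\Program Files\EHR\ehr.exe", b"ehr client",
                   signer="Some Other Publisher"),                 # signed, wrong signer
    ]
    return al, samples


def evaluate(al: Allowlist, samples):
    """Returns (path, signer, allowed, reason) for each executable."""
    return [(exe.path, exe.signer, *al.decide(exe)) for exe in samples]


if __name__ == "__main__":
    al, samples = build_samples()
    for path, signer, allowed, reason in evaluate(al, samples):
        print(f"{'ALLOW' if allowed else 'DENY ':5} {path}  ({reason})")
```

The two denied cases at trusted-looking paths are the point: a tampered copy of the vetted tool fails the hash check even though it sits where the real one does, and a binary with the right name but the wrong signer is still blocked. Building the list "gradually", as the text recommends, means starting in an audit-only mode that logs what `decide()` would have denied, then enforcing once the false positives are worked through.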
5. Hop on the Train
While many ransomware attacks begin by exploiting vulnerable internet-facing applications and services, many others begin with a user who opens a malicious attachment or link. Your users are a first line of defense: If they are educated and aware, they can stop many intrusions before they start.
Make sure everyone in your organization, including administrative staff and contractors, understands what ransomware looks like and what they can do to prevent an attack. Increase user awareness with training and test them via phishing simulations. A recent healthcare study found that physicians are three times more likely to click on and spread malware than individuals in nonprovider roles, such as office workers. Do your users know how to hover over a link to inspect its real destination, and how to report a suspected phishing email?
You should also train users on best practices for password management. It’s too tempting to reuse the same credentials when password management is burdensome. Consider adding multifactor authentication (MFA), including biometrics where appropriate, so that a stolen or reused password alone is not enough to log in; passwordless options can remove the password entirely.
Learn More About Mitigating Ransomware
Now that we’ve discussed some ways you can protect your organization from cyberthreats, you might also be wondering what you can do to both prepare for and respond to ransomware attacks. To learn more, read our Ransomware Response Guide, then take action.
CTO Data Security and Privacy, IBM Security