Today’s headlines might lead you to believe that ransomware is a recent invention. Would you be shocked to learn that it’s almost 30 years old? Back in 1989, AIDS researcher Dr. Joseph Popp used a bit of social engineering to trick his colleagues into using infected floppy disks masquerading as a questionnaire to measure an individual’s risk of contracting AIDS. Imagine: 20,000 floppy disks were sent out to research colleagues in 90 countries. Little did these researchers realize that Popp had infected the disks with malware known as the “AIDS Trojan.” Interestingly, the virus was only activated after the computer had been booted 90 times, at which point it displayed a ransom note that demanded between $189 and $378.

Back then, the damage was limited because organizations did not depend as heavily on computing and technologies were not as interconnected as they are today. Companies also had little choice but to hope that their backups were solid and that their antivirus software could help disinfect and patch the problem. When kept up to date and properly maintained, these tools might have even been able to detect and quarantine a virus.

There is unfortunately no ransomware antidote other than completely unplugging your equipment. Even then, some malware is smart enough to jump air gaps and infect victims in other ways. Paying the ransom is not a great idea, since it does not preclude you from falling victim again to the same threat actor, who may have planted additional malware during the initial attack.


Five Key Healthcare Data Security Strategies

These days, ransomware attackers aren’t so patient — they are anxious to get their hands dirty and make money. Similarly, security defense and response strategies should not be stuck in 1989 — especially for healthcare institutions that handle sensitive patient data. By applying basic and effective practices, these institutions can better secure healthcare data and reduce their risk of exposure.

Many organizations start with a cybersecurity risk assessment of essential practices against standards such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework to evaluate their current maturity, identify gaps and put structured programs in place to reduce risk accordingly. It is crucial to create repeatable, sustainable practices with accountability, and to measure and report your progress along the way.

Below are five key areas to consider that could have a measurable impact on your efforts to secure healthcare data.

1. Back Up Your Data to Get Back Up Quickly

It’s fitting that a good ‘backup’ can help your business get ‘back up’ and running quickly. Develop effective backup techniques and processes, and make sure your backups are copied to offline media or elsewhere to reduce the chance of this data also being infected. Consider using additional tools to protect your vital information. This would require you to know what data is most critical, its value and its risk level, and to monitor activity across the network, endpoints and servers to detect and block unusual activity. For example, a high number of reads or writes on a file share could indicate that ransomware encryption is taking place.
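The file-share signal mentioned above can be sketched as a sliding-window check. This is an added example, not code from the original article; the log format, account names, 60-second window and 20-file threshold are all assumptions chosen for illustration, and events are assumed to arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)            # assumed look-back window
THRESHOLD = 20                            # assumed max distinct files modified per window
MODIFY_OPS = {"WRITE", "RENAME", "DELETE"}

def parse_event(line):
    """Parse 'ISO-timestamp user OP path' (a constructed format, not a real product's)."""
    ts, user, op, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), user, op, path

def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {user: timestamp at which the user first exceeded the threshold}."""
    recent = defaultdict(deque)           # user -> (ts, path) events still inside the window
    alerts = {}
    for line in lines:
        ts, user, op, path = parse_event(line)
        if op not in MODIFY_OPS:
            continue                      # reads are ignored in this sketch
        q = recent[user]
        q.append((ts, path))
        while q and ts - q[0][0] > window:
            q.popleft()                   # drop events older than the window
        # Count distinct files so repeated saves of one document do not alert.
        if len({p for _, p in q}) > threshold and user not in alerts:
            alerts[user] = ts
    return alerts

def sample_log():
    """Constructed events: one normal account and one account rewriting many files."""
    base = datetime(2018, 1, 1, 9, 0, 0)
    lines = []
    for i in range(5):                    # 5 edits spread over 10 minutes
        t = base + timedelta(minutes=2 * i)
        lines.append(f"{t.isoformat()} nurse01 WRITE /share/charts/note{i}.docx")
    for i in range(30):                   # 30 different files in 30 seconds
        t = base + timedelta(minutes=3, seconds=i)
        lines.append(f"{t.isoformat()} svc_scan WRITE /share/records/r{i}.pdf")
    return sorted(lines)                  # ISO timestamps sort chronologically

if __name__ == "__main__":
    for user, when in detect_bursts(sample_log()).items():
        print(f"ALERT {user}: more than {THRESHOLD} files modified within {WINDOW} at {when}")
```

In practice the threshold has to be tuned against legitimate bulk jobs such as backups and migrations, which produce the same pattern.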

2. Patches Aren’t Just for Jeans

Learn to love patching. Develop automated patch management programs for all practical areas of your infrastructure, from networks, endpoints and servers to applications, databases and, yes, even medical devices, sensors and monitors, since many medical devices can be patched.

When WannaCry hit last year, we found that the clients who had good patching hygiene were not affected. For healthcare, patient safety and quality of care can be directly tied to device security. A cyberattack can affect the operation, configuration and safety of a device itself and can put lives at risk. Look for solutions that manage the full life cycle of endpoints, deploy patches as soon as a vulnerability is discovered in any device and use automation to reduce patch cycle times.

3. Use Effective Network Segmentation

Network segmentation means splitting a computer network into subnetworks that can limit attackers’ lateral movement by confining them to just one zone and potentially keep them away from more critical areas. Effective segmentation controls visitor access to protected data and creates an environment where staff members only have access to data they need to do their jobs.

Another option is to narrow down the number of open ports, since attackers frequently scan for and seek these out to gain entry. To give you an idea how pervasive this issue is, I once scanned a large provider’s multiple data centers to find no less than 750,000 open ports — that’s a lot of open doors! For especially sensitive systems such as electronic medical records (EMRs), that could mean closing down ports 22 and 23, which are frequently used for remote access, and limiting access to critical mobile devices, such as nursing tablets, by geofencing so that devices are only functional when they are on a designated Wi-Fi network.
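One way to check a sensitive host against the port guidance above is to audit its listening sockets. This is an added example, not part of the original article; the sample text is constructed in the style of `ss -ltn` output, and the allowlist of port 443 and the choice to skip loopback-only listeners are assumptions.

```python
import ipaddress

REMOTE_ACCESS_PORTS = {22: "ssh", 23: "telnet"}   # the two ports the article names
ALLOWED_PORTS = {443}                             # assumed allowlist for an EMR host

# Constructed sample in the style of `ss -ltn` output.
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
LISTEN 0      5      [::]:23            [::]:*
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
"""

def parse_listeners(text):
    """Yield (address, port) for each LISTEN row."""
    for row in text.splitlines():
        fields = row.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue                              # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        yield addr.strip("[]"), int(port)         # strip IPv6 brackets

def is_loopback(addr):
    """True only for loopback binds; '*' (all addresses) is treated as exposed."""
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False

def audit(text, allowed=ALLOWED_PORTS):
    """Return sorted (port, address, reason) findings for network-reachable listeners."""
    findings = []
    for addr, port in parse_listeners(text):
        if is_loopback(addr):
            continue                              # assumption: not reachable from the network
        if port in REMOTE_ACCESS_PORTS:
            findings.append((port, addr, "remote-access:" + REMOTE_ACCESS_PORTS[port]))
        elif port not in allowed:
            findings.append((port, addr, "not-allowlisted"))
    return sorted(findings)

if __name__ == "__main__":
    for port, addr, reason in audit(SS_OUTPUT):
        print(f"{addr}:{port} {reason}")
```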

4. Make a List and Check It Twice

Find out if your applications are naughty or nice — and whitelist those that fall into the latter category. Whitelisting apps means specifying a list of software applications that are permitted to be present and active in your systems. By only running approved programs, you reduce the risk of ransomware running a rogue app.

As more healthcare professionals use tablets and phones to manage and treat patients, it is important to establish a mobile device management (MDM) policy that addresses applications that don’t meet your requirements. Although this might seem almost impossible, the best approach is to start small and build your whitelist gradually by engaging experts and using automation software, such as application profiling solutions. The same holds true for cloud applications: You need to gain visibility into which cloud apps are in use, assess their risks, whitelist vetted applications and provide access via unified identity validation.

5. Hop on the Train

While many ransomware attacks come through vulnerable web applications, some are caused by unknowing users. Your users are your first defense: If they are educated and aware, they can block many intrusions.

Make sure everyone in your organization, including administrative staff and contractors, understands what ransomware looks like and what they can do to prevent an attack. Increase user awareness with training and test them via phishing simulations. A recent healthcare study found that physicians are three times more likely to click on and spread malware than individuals in nonprovider roles, such as office workers. Do your users know how to hover over links and report phishing attacks?

You should also train users on best practices for password management. It’s too tempting to reuse the same credentials when password management is burdensome. Consider adding multifactor authentication (MFA), including biometrics, to remove the need for passwords.

Learn More About Mitigating Ransomware

Now that we’ve discussed some ways you can protect your organization from cyberthreats, you might also be wondering what you can do to both prepare for and respond to ransomware attacks. To learn more, read our Ransomware Response Guide, then step into the future and take action.
