For hackers, hospitals are now one of the most enticing targets. Profit-motivated ransomware attacks have become a prime threat. In order to ensure continuity of operations and patient well-being, hospitals must build ransomware immunity.
Several factors have converged to make hospitals a ripe target. First, the healthcare sector went digital rapidly in response to government mandates to adopt EHRs (electronic health records). According to the Office of the National Coordinator for Health Information Technology, as of 2014, EHRs are in use at 96.9% of hospitals, an almost 90% jump from 2008.
Unfortunately, hospitals haven’t been nearly as quick to update their cybersecurity postures to address the risks that go along with digitization.
Then there’s the nature of the healthcare industry itself. If Citibank falls victim to an attack, it can shut down operations for a few hours. Customers will be annoyed, but ultimately no one will be in any real danger. For a hospital, on the other hand, even minutes of downtime can put patient lives in peril, and unscrupulous hackers are capitalizing on this vulnerability with an uptick in ransomware attacks. Sadly, the most malicious of these cyber criminals view the potential for human harm as an opportunity to profit, not a deterrent, and profiting they are.
Consider the case of Hollywood Presbyterian in southern California, stung by a high-profile ransomware attack that was all over the news earlier this year. To restore operations as quickly as possible, the hospital paid the $17,000 Bitcoin ransom demanded after a ten-day lockdown. Hollywood Presbyterian was just one of many hospitals hit by ransomware this year.
Tips to Mitigate Ransomware Harms
No hospital wants to be the next ransomware victim. Here are some tips to build up your immunity:
Train employees. Many ransomware attacks (and other threats) begin when an unknowing employee clicks a malicious link or opens an attachment. Employees need to be trained not to click on suspicious-looking links in emails or on websites, and to know how to report unusual behavior.
Back up data. It sounds obvious, yet many hospitals still don’t have adequate backup protocols in place, leaving them with little recourse other than to pay the ransom to regain control of vital patient data.
Back up systems. Data backup isn’t enough. Hospitals should also back up systems and configurations so that operations can return to normal quickly in the event of an attack.
Create and test recovery plans. Hope for the best, but plan for the worst. When it comes to ransomware attacks, hospitals need to live by this motto. The IT team should develop plans for multiple scenarios, and test them for flaws. You need to know for sure if your systems and employees can withstand the crisis.
The threat of ransomware can be too big for hospitals to tackle on their own. That’s why partnering with a trusted IT security expert offering industry-leading solutions is recommended.
Seven of the top ten hospitals in the U.S. rely on Fortinet’s fabric of healthcare security technologies to build immunity against cyber attacks. A partner of Fortinet, Resilient Intelligent Networks can help you create and deploy a strategy that’s right for your healthcare organization.