Ransomware is in the news again for a weeks-long ordeal for the city of Baltimore. Healthcare is another favorite target. In cities and health systems the need to access data is vital to operation. Attacks are growing in number and becoming more sophisticated. The FBI reported that healthcare lost $4.5 million over 337 victims in 2018. The cost could be even higher if patient data was also stolen for exploitation. What is ransomware, how can an attack be avoided, and how can it be dealt with effectively?
Ransomware is a type of malware that prevents users from accessing data, usually by encrypting the data. The hacker demands a fee to restore access. However, there is no guarantee that the attacker can or will restore access once payment is made. Bad actors apply this technique wherever they can, to any industry and even personal systems. Unfortunately, these bad actors have realized that data lockouts create dangerous and life-threatening conditions when applied to critical systems in healthcare. This urgency can motivate an unprepared health system to comply in order to protect patients.
Ransomware spreads like a virus. It requires a person to run malicious code that locks the system. Phishing and drive-by downloads are two common ways to spread ransomware. Phishing is a trick that deceives a person into running a malicious program with a legitimate-looking email. Drive-by downloads either trick a person into running a malicious program off of a website or secretly download and run a program while the person visits a site. All healthcare employees should be extensively trained on how to spot malicious emails and suspicious links. Regular security meetings should be held to remind and update employees on the latest tricks and traps.
The best overall tactic in security is to make yourself a difficult and undesirable target. You want to become not worth the effort. Either the value is too low or the cost is too high. The best defense against ransomware is a disaster recovery plan. With a solid disaster recovery plan in place, ransomware is neutralized. They can go to the trouble of getting in and locking your data up, but you'll sidestep the attack and resume operations. It may cost some time to restore data and systems, but showing yourself as able to recover and unwilling to negotiate will deter future efforts. A good disaster recovery plan should be in place for any medical institution.
The only perfect security is zero access at all. If authorized individuals can access a system then motivated, unauthorized individuals can find a way in. Vigilance from all employees is the first line of defense, and quick recovery is dependant on good planning.