The healthcare industry continues to be a prime target of cyber attacks with nearly 90 percent of healthcare organizations reporting a data breach in the past two years.
One of the more troubling aspects of this upward trend is how easily someone with basic technical skills can launch an attack. The dark web teems with do-it-yourself toolkits (think malware-as-a-service) that make it easy for any ill-intended person with a small amount of technical knowledge to create and launch a malware attack.
Ransomware Targets Hospitals
Ransomware attacks have increased exponentially and healthcare organizations are a top target. One reason for this is the inclination of cyber attackers to target organizations with a high incentive to pay.
Healthcare organizations can not afford to have their systems down for any length of time and fall squarely into this category. With patient health and safety at stake, many hospitals resort to paying the ransom to quickly get up and running again — even though the FBI recommends against it.
Hollywood Presbyterian Medical Center in California is a case in point. In February, it forked over a $17,000 bitcoin ransom to regain access to operational systems encrypted in a hugely publicized ransomware attack. Kansas Heart Hospital in Wichita also paid; but in a disturbing trend, regained only partial access to its data — along with a demand for more ransom.
Ransomware attacks cause system shutdowns that are disruptive to hospital operations and can be detrimental to the reputation of the institution, and potentially, revenue. Fortunately, there have been no reports to date of harm to patients as a result of ransomware.
Many Attacks Can Be Successfully Prevented
Many of the most successful malware and ransomware attacks are perpetrated through phishing and spear-phishing, and email continues to be a preferred medium for bad actors. Attacks are inadvertently initiated by unsuspecting employees who click on malicious links or attachments. It only takes one employee to open the link to launch the attack.
The good news is that hospital employees can be trained to recognize and refrain from clicking on suspicious emails and web links. Experts agree that with regular cybersecurity awareness training, employees play a crucial role in the prevention and mitigation of ransomware and other cyber attacks.
A Cohesive Technology Platform Simplifies Security
But people are just one element of a strong cybersecurity posture. As threats evolve and mobile devices add to the number of exploitable attack vectors, hospitals also need to reassess the strengths and vulnerabilities of existing IT systems and security technology tools.
To fully protect their organizations from threats, hospitals need to adopt a cybersecurity strategy that involves multiple layers of defense, woven together in a way that improves the efficacy of all security solutions, simplifies the sharing of actionable threat intelligence, and centralizes administration.
In addition to employee education, some key components of a strong, multi-layered defense strategy include:
- Endpoint security that integrates with the entire fabric of the cybersecurity platform and monitors user activities.
- Security of critical services and platforms: A comprehensive approach will include legacy systems and critical patient interfacing devices.
- Dynamic interaction: For real-time visibility into threats throughout the entire infrastructure, data sharing across the fabric of the whole security landscape is critical.
Unique Challenges Call For Unique Solutions
While cybersecurity is a concern shared by all industries, healthcare faces unique challenges as a prime target of cybercriminals looking to profit from the theft or compromise of valuable patient data. Countering bad actors requires a unified approach to security.
Xiologix offers the expertise and solutions to help you develop a unique “security fabric” architecture, optimized to give your healthcare organization best-in-class protection from ransomware and other threats. Contact us to learn more.