Another day, another ransomware attack at a medical facility. Despite years of continued warnings, including as recently as the HIMSS 2016 Conference, 14 hospitals have already been the victims of a ransomware hack this year, leaving their networks crippled and in some cases forcing them to turn away patients. In March alone, hospitals in Kentucky, California, Maryland and Washington DC were all victims…in one month! The consequences can be life-threatening: without access to patient records or the built-in safeguards of a CPOE program, a patient may be treated with a medicine they are allergic to, or one that is contraindicated because of other medications or health conditions.
Speculation about how these hospitals get infected includes the usual channels and often centers on the most obvious point of entry: your users. But there are most certainly other ways for ransomware to be delivered to the network. Case in point: outdated network infrastructure. If you are in the mood for a scary story, consider this piece from Ars Technica in 2012, which demonstrated the outdated systems running in one modern hospital. Even four years later, industry insiders will still admit to being behind the times.
Clearly there are educational opportunities that can address this problem. Boards of directors and the C-suite need to be educated on the basic condition of their network, and need to properly assess its risks through regular auditing. CFOs and CIOs need to work together to allocate resources to address those risks appropriately. Staff need to be educated on basic security procedures, and additional security measures like e-mail filtering, MFA and/or blocking access to outside websites may need to be considered.
But doing all of the above requires not only time, money and, in many cases, a significant culture shift; it also requires staff with the expertise to perform it. What can you do that would protect you from many of the dangers of ransomware while you put your other plans in place?
Backups are one of the often overlooked aspects of networks: it is vital to have all of the information on your network backed up on a regular basis. You should be doing this already for other Disaster Recovery related reasons; things like floods, earthquakes or major storms that could disrupt the network and bring it down. But having backups available also helps you give a one finger salute to the hackers trying to hold your data hostage: if you have good, accessible backups of the data they are holding, you won't need to pay the ransom to get your files back. You still have them, and you can continue to operate normally after you switch to them. The switch itself may be involved depending on the backup methods you are using, but it will be much easier than trying to deal with the hackers. One important thing to note: depending on the skill of the hackers and their program, even after you pay them to regain access to your data, you may not be able to use it. This makes backups even more important.
When implementing backups, or evaluating your current procedures for backing up data, it is important to assess how much risk is acceptable for you. Best practices recommend at least one off-site backup, in addition to one or multiple backups on-site but on a separate network. Particularly for off-site backups, if that is your last resort, you need to think about how much data you are willing to lose when creating your backup schedule. Is it acceptable to lose a day's worth of data? Three days? A week? That question should drive your decisions on how often to update your backups.
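One way to turn those questions into a routine check is sketched below. This is an added example, not part of the original post: it audits a backup inventory against the recommendations above (an off-site copy, an on-site copy on a separate network, and an off-site copy no older than the data loss you are willing to accept). The record fields, network names and sample inventory are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class BackupCopy:
    name: str            # hypothetical label for the backup target
    offsite: bool        # True if the copy is stored away from the facility
    network: str         # network segment the copy lives on
    completed: datetime  # when the last successful backup finished


def audit_backups(copies, production_network, max_loss, now):
    """Return a list of findings; an empty list means the policy is met."""
    findings = []
    offsite = [c for c in copies if c.offsite]
    onsite_separate = [c for c in copies
                       if not c.offsite and c.network != production_network]

    if not offsite:
        findings.append("no off-site backup")
    if not onsite_separate:
        findings.append("no on-site backup on a separate network")

    # An on-site copy on the production network does not meet the
    # "separate network" recommendation, so flag each one by name.
    for c in copies:
        if not c.offsite and c.network == production_network:
            findings.append(f"{c.name}: on-site copy shares the production network")

    # The off-site copy is the last resort, so the age of the newest one
    # is the amount of data lost if everything on-site is unusable.
    if offsite:
        newest = max(offsite, key=lambda c: c.completed)
        age = now - newest.completed
        if age > max_loss:
            findings.append(f"{newest.name}: newest off-site copy is {age} old, "
                            f"acceptable loss is {max_loss}")
    return findings


# Constructed sample inventory (not real systems).
NOW = datetime(2016, 4, 1, 8, 0)
SAMPLE = [
    BackupCopy("nas-01", False, "prod-lan", NOW - timedelta(hours=6)),
    BackupCopy("vault-01", False, "backup-vlan", NOW - timedelta(hours=12)),
    BackupCopy("offsite-a", True, "provider", NOW - timedelta(days=4)),
]

if __name__ == "__main__":
    for finding in audit_backups(SAMPLE, "prod-lan", timedelta(days=3), NOW):
        print(finding)
```

Changing `max_loss` from three days to a week clears the off-site finding for the sample inventory, which is the trade-off the schedule question above is asking you to make deliberately.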
Check out this infographic from TrendMicro for more on Ransomware and how you can prevent it.