The threat from ransomware has increased considerably over the course of the past few months, and healthcare organizations are in cybercriminals’ cross-hairs. Attacks on healthcare providers have been occurring with increasing regularity, prompting the FBI to issue a warning.
Ransomware is not new, but it is increasingly being used by cybercriminals to attack large organizations. In 2015, the FBI saw a sharp upward trend in the use of ransomware to attack organizations.
Healthcare organizations are being targeted because they hold large volumes of data which are needed for day-to-day operations. If cybercriminals can break through security defenses and lock data files, organizations may be forced to give in to the attackers’ ransom demands.
The FBI warns that as long as cybercriminals are able to make money with ransomware, attacks will continue. If the first three months of 2016 are anything to go by, attacks will increase in frequency throughout the year.
Healthcare organizations are being targeted, although law enforcement agencies, schools, and state and local governments must also take action to prevent attacks. The FBI advises organizations to get prepared and improve defenses against these types of cyberattacks, while also developing a business continuity plan that can be put in place if a ransomware infection occurs.
The FBI warns not only of an elevated risk of attack, but also that ransomware developers are using increasingly sophisticated methods to deliver their malicious payload. Spam email was the main method of infection in years gone by, although anti-spam technologies have improved and this has made it harder for malicious links and attachments to be delivered to inboxes.
Criminals have responded by using phishing and spear phishing to fool end users into installing ransomware or visiting websites where the malicious file-encrypting software is downloaded. The severity of attacks has also increased. Infections no longer just occur on single machines. Attacks can result in files being locked on network drives, portable storage devices, and servers.
How to Deal with the Threat from Ransomware
Prevention strategies should include staff training on phishing prevention and identifying malicious emails and links. All employees must be made aware of how they should deal with a possible ransomware attack, and the procedure for reporting attacks and malicious emails.
However, organizations should not rely on end users. The FBI recommends using “robust technical prevention controls” to reduce risk. Anti-virus and anti-malware solutions should be implemented and definitions kept up to date. Organizations should consider filtering the Internet to reduce the risk of drive-by ransomware downloads, and macros should be disabled on office files transmitted via email.
Since malicious code is used to exploit software vulnerabilities, healthcare organizations should ensure that operating systems, software, and firmware are patched, and should use a centralized patch management system to do this.
In case a ransomware infection occurs, it is essential that the business can continue to function. A business continuity plan must therefore exist that can be implemented immediately if an infection occurs.
It is also essential that locked data can be recovered, so regular data backups must be performed. Since ransomware can lock files on connected drives, backup drives must be air-gapped.
The threat from ransomware may be increasing but, by taking proactive steps, healthcare organizations can greatly reduce risk and respond appropriately if an attack occurs, without having to resort to paying a ransom to recover data.