4 Key Concepts to Protect Your Data as Ransomware Targets US Hospitals

Posted November 10, 2020 by Michael Binder

Despite the many controversies this year, we can all agree on one thing: 2020 has been one for the history books. It's hard to think of another time when so many people wanted to fast-forward to the ball dropping in Times Square and say goodbye to a year like this one. It has brought a worldwide pandemic, riots, market crashes and a charged presidential election. As if those difficulties weren't enough, cybercriminals are now launching targeted attacks on the US healthcare system. On October 28, CISA, the FBI and HHS issued a joint advisory (AA20-302A) warning of an increased and imminent ransomware threat to US hospitals and healthcare providers.

From what we know so far, the attackers are using malware called Trickbot. Trickbot first appeared around 2016 as a banking trojan and has since grown into a modular platform used to harvest credentials, exfiltrate data and deliver follow-on payloads. In this campaign it is being used to deliver Ryuk, a widely deployed ransomware variant. Ryuk encrypts the victim's files, but before it does it hunts for backups, Volume Shadow Copies and system restore points and deletes them, so that recovery without the attackers' key is far harder and the odds of the ransom being paid go up. That deletion step is also a detection opportunity: it runs as ordinary administrative commands on the endpoint shortly before encryption begins.
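As an added example (not code from the original post or from the advisory), here is a small Python detector that scans process-creation log lines for the backup- and shadow-copy-deletion commands that Ryuk and other ransomware families are documented to run before encrypting (MITRE ATT&CK T1490, Inhibit System Recovery). The log format, hostnames, user names and timestamps are constructed for the example; a real deployment would read Sysmon event ID 1 or EDR process-creation events instead.

```python
import re
from collections import defaultdict

# Constructed process-creation log in a simplified "ts host= user= cmd=" format
# (not a real Sysmon or EDR export). Hosts, users and times are made up; the
# command lines themselves are the documented ones.
SAMPLE_LOG = r"""
2020-11-10T03:12:44Z host=WS-22 user=HOSP\jsmith cmd=C:\Windows\System32\svchost.exe -k netsvcs
2020-11-10T03:13:01Z host=WS-22 user=HOSP\jsmith cmd=vssadmin list shadows
2020-11-10T03:14:09Z host=FS-01 user=HOSP\svc_backup cmd="C:\Windows\System32\cmd.exe" /c vssadmin Delete Shadows /all /quiet
2020-11-10T03:14:10Z host=FS-01 user=HOSP\svc_backup cmd=vssadmin.exe resize shadowstorage /for=c: /on=c: /maxsize=401MB
2020-11-10T03:14:12Z host=FS-01 user=HOSP\svc_backup cmd=wbadmin delete catalog -quiet
2020-11-10T03:14:13Z host=FS-01 user=HOSP\svc_backup cmd=bcdedit /set {default} recoveryenabled No
2020-11-10T03:20:30Z host=WS-07 user=HOSP\admin cmd=wmic shadowcopy delete
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+cmd=(?P<cmd>.+)$")

# Command-line patterns for inhibiting system recovery (ATT&CK T1490). Plain
# "vssadmin list shadows" is deliberately not matched: administrators run that.
RECOVERY_INHIBITION_PATTERNS = [
    ("vssadmin delete shadows", re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I)),
    ("vssadmin resize shadowstorage", re.compile(r"\bvssadmin(?:\.exe)?\s+resize\s+shadowstorage\b", re.I)),
    ("wmic shadowcopy delete", re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("wbadmin delete catalog", re.compile(r"\bwbadmin(?:\.exe)?\s+delete\s+catalog\b", re.I)),
    ("bcdedit recoveryenabled no", re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("bcdedit bootstatuspolicy ignoreallfailures",
     re.compile(r"\bbcdedit(?:\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
]


def detect_recovery_inhibition(log_text):
    """Return one finding per log line whose command line matches a recovery-inhibition pattern."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or malformed line
        for technique, pattern in RECOVERY_INHIBITION_PATTERNS:
            if pattern.search(m["cmd"]):
                findings.append({"ts": m["ts"], "host": m["host"], "user": m["user"],
                                 "technique": technique, "cmd": m["cmd"]})
                break  # one finding per line is enough
    return findings


def hosts_by_severity(findings):
    """Map each host to the sorted list of distinct techniques seen on it.

    Several different recovery-inhibition commands on one host in quick
    succession is the classic pre-encryption signature and should page someone;
    a single hit still warrants a look.
    """
    per_host = defaultdict(set)
    for f in findings:
        per_host[f["host"]].add(f["technique"])
    return {host: sorted(techs) for host, techs in per_host.items()}


if __name__ == "__main__":
    hits = detect_recovery_inhibition(SAMPLE_LOG)
    for f in hits:
        print(f"{f['ts']} {f['host']} {f['user']}: {f['technique']} <- {f['cmd']}")
    for host, techs in hosts_by_severity(hits).items():
        print(f"{host}: {len(techs)} distinct recovery-inhibition technique(s)")
```

On the constructed log, FS-01 lights up with four distinct techniques within five seconds under a backup service account, which is the kind of sequence worth an automatic isolation of the host, while the single WMI hit on WS-07 and the benign `vssadmin list shadows` on WS-22 are treated differently. Tune the patterns against your own environment's legitimate backup tooling before turning this into a blocking rule.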

So, what can you do about it? Here are four key concepts that can help reduce the chance of threats like this occurring in your organization.

1. Security Smart Culture is Critical

The most likely path to a breach runs through your own people, so the human factor is the first line of defense in cyber security. Attackers "phish" your users by impersonating legitimate senders to steal credentials or to get malware such as Trickbot running inside your network. Security training and awareness build a strong human firewall, and continual education should be a top priority to prevent exposure.

Here are five human firewall traits to share with your team:

  1. Think before clicking – a human firewall reads emails carefully, hovers over links to see the full URL before clicking, and treats every request for credentials or sensitive data with skepticism
  2. Use situational awareness – mind your surroundings, stay alert, and never assume a request is legitimate just because it looks routine
  3. Respect privileged access – whatever access you have been granted is used only for its intended purpose and is never shared or misused
  4. Report incidents immediately – mistakes happen, and prompt reporting is the only way to limit the damage and reduce future risk
  5. Always follow policy – a human firewall never circumvents the organization's policies, so if something looks suspicious, share it with the IT or security team rather than working around the control
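The first trait above, reading the real destination behind a link instead of the text shown, can also be checked automatically at the mail gateway. The following Python is an added example, not part of the original post: it pulls every anchor out of an HTML message body and flags links whose visible text names one site while the href points to another. The sample message and every domain in it are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing-style HTML body. The first link shows a plausible
# patient-portal URL as its text but actually points at a lookalike domain;
# the other two links are consistent. All domains are made up.
SAMPLE_EMAIL = """
<p>Your patient record needs verification. Sign in at
<a href="https://mychart.example.org.login-verify.net/auth">https://mychart.example.org/</a>
within 24 hours or your access will be suspended.</p>
<p>Questions? Visit <a href="https://helpdesk.example.org/">helpdesk.example.org</a>
or read <a href="https://www.example.org/privacy">our privacy policy</a>.</p>
"""

# Text a reader would read as a web address: optional scheme, optional www.,
# then a hostname with at least one dot and a two-or-more-letter last label.
URL_LIKE_TEXT = re.compile(r"^(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#].*)?$", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def shown_host(text):
    """Hostname the visible link text appears to name, or None if the text is not URL-like."""
    m = URL_LIKE_TEXT.match(text.strip())
    return m.group(1).lower() if m else None


def same_site(shown, actual):
    """True if the real destination is the shown host itself or a subdomain of it."""
    return actual == shown or actual.endswith("." + shown)


def find_deceptive_links(html):
    """Return the links whose visible text names a different site than the href targets."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        actual = (urlparse(href).hostname or "").lower()
        shown = shown_host(text)
        if not actual or shown is None:
            continue  # text like "our privacy policy" cannot be checked this way
        if not same_site(shown, actual):
            findings.append({"shown": text, "actual_host": actual, "href": href})
    return findings


if __name__ == "__main__":
    for f in find_deceptive_links(SAMPLE_EMAIL):
        print(f"DECEPTIVE LINK: text says {f['shown']!r} but goes to {f['actual_host']}")
```

The check only fires when the displayed text itself looks like a URL, which is the case the "hover over the link" habit is meant to catch; anchors with prose text ("our privacy policy") need other signals, such as reputation of the destination domain, and are left alone here.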

By fostering a security "smart" culture, you turn employees into an additional layer of detection: people who recognize and report ransomware, phishing and social-engineering attempts rather than falling for them.

2. Disaster Recovery and Incident Response Planning

The second concept revolves around building a plan to prepare for future disruptions and worst-case scenarios so your team is ready if disaster hits.

Ask yourself these questions to learn if you have the proper protections in place:

  • Do you have step-by-step instructions covering how to deal with an unplanned disaster or incident, whom to contact, and how to recover systems or lost information?
  • Are you reviewing and refining your plans on a regular basis?
  • Do you have the right staff involved in the plan's execution, and are they familiar with their responsibilities?

Regular tabletop exercises and event simulations show how well your written plans hold up in a real-world scenario by exposing strengths and weaknesses, and they also highlight policy and procedural inefficiencies. For ransomware specifically, run at least one scenario in which the backups and restore points reachable from the network have been deleted along with the production data, since that is exactly what Ryuk does, and confirm the plan still gets you back to operating.

3. Maintain the Network

The network plays a key role in either spreading or containing an infection, and how it is maintained and architected makes a difference. Here are a few recommended network practices to help offset the threat ransomware poses:

  • Backups, backups, backups – keep well-documented backups, test restoring from them on a regular basis, and keep at least one copy offline or otherwise unreachable from the production network, because ransomware like Ryuk deletes every backup and shadow copy it can reach
  • Scan for vulnerabilities regularly and apply critical patches as they are released
  • Make use of multi-factor authentication wherever possible, especially on remote access (VPN, RDP) and email
  • Use network segmentation to limit production exposure, so that one infected workstation cannot reach every server and file share
  • Disable unneeded or unused services and protocols
  • Regularly update antivirus and anti-malware solutions
  • Use application whitelisting and device control so that unapproved executables and removable media cannot run

4. Is your Vendor Partner a Breach Threat?

Any hospital knows to do its due diligence when considering a new vendor partner. The goal of vendor management is to continually assess, document, monitor, review and update vendors and third-party relationships to ensure compliance and the security of data and systems. Even where there is mutual trust between organizations, the fact remains that if a vendor suffers a breach, your organization may be left picking up the pieces: the financial and operational consequences land on you, so vendor risk management is your responsibility.

Before working with a third party, do your research and make sure the entity has guidelines and risk management practices in place to avoid security breaches. Here are five points to consider when building or enhancing your vendor management procedures:

  1. Define the approved methods of vendor access (for example named accounts with multi-factor authentication rather than shared credentials) and communicate them to your vendors
  2. Review vendor access and vendor-side changes on a schedule, remove access that is no longer needed, and update your processes as the relationship changes
  3. Keep vendor access behind a firewall and segmented from other networks, so a compromised vendor connection cannot reach the rest of your environment
  4. Write your security and compliance requirements into your contracts; they set the tone for the relationship and should be acknowledged and understood by all parties
  5. Review cyber-risk insurance policies to ensure adequate coverage is in place

Third-party vendor processes can be challenging and demand trust and transparency. Many organizations devote significant time and resources to providing these assurances and still fall short. Asking a vendor for a SOC 2 Type II report helps: it is an independent auditor's opinion on whether the vendor's controls were suitably designed and operated effectively over a review period, which gives you validation beyond the vendor's own word and a concrete artifact for your vendor management file.

Securing data against all types of threats is a growing challenge, and there is no one-shot solution that protects your organization from every one of them. Strong defense comes from many layers working together. Protecting your data can no longer be the function of your IT department alone, so be sure your whole organization has the plans and processes in place to prevent, detect and recover from the next attack.