What Is Happening With Ransomware in Healthcare?

In June, Health Data Management hosted a gathering of information security experts to discuss ransomware and how to manage it. They agreed that it is likely that many entities would be hit by it. It is a large and growing problem. Paying the ransom only gives criminals more money to enhance their ransomware.

Daniel Sergile, director of security operations at CIOX Health, said, “But it also highlights another issue: Companies don’t do a very good job with their backup and recovery. If I were doing monthly backups and daily intermittent backups, then I wouldn’t have to pay a $17,000 ransom. I’d literally take a snapshot, lose a day’s worth of data, and it would probably cost less than $17,000. It goes back to the basics of information security: Do employees have administrative rights across the complete ecosystem? Are those rights a little too elevated, allowing them to modify their systems? And at the system level, are we investing in all the latest and greatest flavors of antivirus and employee analytic tools? If we go back to basics and do what needs to be done - not to the point where it cripples the business, but secures it - then I think you’d see a lot less people paying that ransom.”

John Mertz, vice president and CIO at South Nassau Communities Hospital, pointed out that if the backups are off-site, obtaining them and restoring them is going to take too much time.

At good hosting facilities, SQL backups occur every 15 minutes. Complete backups are performed daily. These backups are first made on the same physical server on a different disk range from the live database and then are copied to a separate physical server, so they are stored twice. Backups are kept onsite, so in the event of ransomware, the data can be restored quickly.

If you are hosting your own software and database, Steve Dryer, administrator for a hosting facility, advises that you do the following:

1. Be sure you are truly doing backups.

2. Be sure you are backing up what you need to back up.

3. Be sure that your backups are good and can truly be read.

4. Be sure that you can and know how to restore your system to a fully functioning state if you need to.
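
One way to automate the four checks above, as an added example (not from the article or from Steve Dryer). It assumes file-level backups written as `.tar.gz` with a sidecar hash manifest; the function names, the manifest file name and the 24-hour freshness limit are hypothetical choices.

```python
import hashlib
import json
import tarfile
import time
import zlib
from pathlib import Path

def make_backup(source_dir, archive):
    """Write a .tar.gz of source_dir plus a sidecar manifest of SHA-256 hashes."""
    source_dir, archive = Path(source_dir), Path(archive)
    files = sorted(p for p in source_dir.rglob("*") if p.is_file())
    manifest = {p.relative_to(source_dir).as_posix():
                hashlib.sha256(p.read_bytes()).hexdigest() for p in files}
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(source_dir / rel, arcname=rel)
    # Assumed naming convention: <archive>.manifest.json next to the archive.
    Path(str(archive) + ".manifest.json").write_text(json.dumps(manifest))
    return manifest

def verify_backup(archive, required, max_age_hours=24):
    """Return a list of problems; an empty list means every check passed."""
    archive, problems = Path(archive), []
    # Step 1: is a backup really being produced, and recently?
    if not archive.is_file():
        return [f"no backup at {archive}"]
    age_h = (time.time() - archive.stat().st_mtime) / 3600
    if age_h > max_age_hours:
        problems.append(f"stale: {age_h:.1f}h old, limit {max_age_hours}h")
    try:
        manifest = json.loads(Path(str(archive) + ".manifest.json").read_text())
        with tarfile.open(archive, "r:*") as tar:
            names = {m.name for m in tar.getmembers() if m.isfile()}
            # Step 2: does it hold what the practice needs?
            problems += [f"missing: {r}" for r in required if r not in names]
            # Steps 3-4: read every file back out and compare with its recorded hash.
            for rel, digest in manifest.items():
                if rel not in names:
                    problems.append(f"in manifest but not archive: {rel}")
                elif hashlib.sha256(tar.extractfile(rel).read()).hexdigest() != digest:
                    problems.append(f"hash mismatch: {rel}")
    except (tarfile.TarError, OSError, EOFError, zlib.error, ValueError) as exc:
        # Any failure to open or decompress counts as an unusable backup.
        problems.append(f"unreadable: {exc}")
    return problems
```

A clean result only shows the files can be read back intact; a full restore test still means bringing the application and database up from the backup.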

Regardless of where your data and software are hosted, he says you should not rely on backups alone. Have other security in place that monitors and alerts you if a problem occurs.

Keep everything up-to-date and patched. By that he means:

1. Operating system on the PCs

2. Operating system on the server

3. PC and server main board BIOS

4. PC and server drivers

5. PC and server driver controllers and RAID card BIOS and drivers

6. All PC and server firmware

7. All network equipment firmware including switches, routers, firewalls, access points and WiFi equipment

8. All virus protection (and of course make sure it is running.)

He goes on to point out that anything that is out of date and no longer supported, and consequently no longer updated, MUST not be used. That means Windows XP, Microsoft Office 2003 and other no longer supported software and hardware should be replaced.

You must control employee access to only those Internet sites required for the business. Do not allow employees to connect their cell phones or other mobile devices to your practice’s WiFi.

What if a user gets a ransomware message? Maria Suarez, chief information security officer for Hackensack University Medical Center, noted that if users ever see a ransomware message, they should disconnect from the network but not power their computer down.
