Ransomware attacks on healthcare organizations are expected to quadruple by 2020.
In a typical healthcare ransomware attack, a hacker will shut down a portion of the electronic health records (EHR) systems by encrypting them with a key that only the hacker knows. The systems targeted could contain patient medical data, credit card numbers and other personal information affecting thousands of people. For a large sum of money, normally in the form of a hard-to-trace digital cryptocurrency like Bitcoin, the hacker will unlock the encrypted systems held hostage. In most cases, the cyber thief will hold the locked information for weeks or even months until the payout is made. But even after payment, there’s no guarantee the data will be released. This type of scenario could potentially bring a health organization to a standstill, delaying patients in receiving medical care and ultimately creating a huge loss of income for the medical entity. In addition, Health Insurance Portability and Accountability Act (HIPAA) fines for compromised records could be hefty.
Despite some progress, EHR vulnerabilities and underfunding for cybersecurity continue to put many health organizations and affiliated organizations at risk. Even for those with backup and business continuity processes in place, the risk remains, because attackers are continually inventing new ways to attack healthcare businesses. Either they are inventing new tactics to penetrate existing defenses or, having been successful in attacking on a small scale, they are looking to expand data breaches to a larger scale. Security defenses that work today can be vulnerable tomorrow.
Be Prepared with Managed Security Services
A smart, multi-tiered defense can make a difference in strengthening your security posture. Many healthcare organizations are turning to managed security services to better secure their businesses. These services proactively identify and eliminate vulnerabilities, risks and threat actors that endanger healthcare organizations. In addition, they can free up your IT staff to spend more time working on strategic initiatives and less time monitoring day-to-day security problems.
Fully managed security services can include:
- Easy-to-adopt solutions to move EHRs to the cloud
- Around-the-clock monitoring by a team of certified security experts
- Backup and disaster recovery to safeguard critical data, applications and systems from permanent loss
- Managed detection and response to identify, contain and remediate threats
- Vulnerability scans to locate assets and devices with unpatched software or insecure configurations
- Firewall and IPS management to identify suspicious behavior and policy violations
- Data risk intelligence to better understand total risk exposure
- Patch management to address security weaknesses
- Antivirus diagnosis to protect against malware, ransomware, trojans, viruses or malicious downloads
Cyber attackers never sleep. By staying one step ahead, healthcare organizations have a better chance of avoiding the next headline about another hospital or medical office being shut down. Managed security services provide multiple layers of defense to tighten security and reduce cyber risks in the event of future attacks. If you need help protecting your organization against ransomware, contact Magna5.
Source: Becker’s Health IT & CIO Report, April 7, 2017, “Healthcare Ransomware Attacks to Jump 4-Fold by 2020”