There is no denying that digital transformation in healthcare continues to be the primary driver of improved patient experience and outcomes, increased agility, and a more efficient workforce and operation.
Virtually all healthcare providers are accelerating their digital transformation programs to take advantage of the promise of information-driven healthcare. But with increased opportunity comes increased risk.
As the healthcare IT environment grows more complex and the attack surface expands, driven by IoT, wearables, at-home monitoring devices, mobility and other digital endpoints, concerns about protecting patient data remain the biggest inhibitor to healthcare organizations successfully executing digital business transformation.
With the rapid rise in digitized care-critical tools and health information such as electronic health records, the industry is a top target for cyber criminals. And as medical devices rely increasingly on wireless and internet connectivity, cyber vigilance must be top of mind across the interconnected healthcare ecosystem. Recently, the FDA issued a warning about security vulnerabilities in certain implantable cardiac devices, where an intruder able to alter device configuration could cause patient harm.
Last year's WannaCry ransomware attack, which affected more than 300,000 machines across 150 countries, showed how porous any security perimeter can be and how devastating malware is once it penetrates systems and servers and renders them inaccessible, with dire and sometimes mortal consequences. Notably, WannaCry spread worm-like by exploiting an unpatched Windows SMB flaw rather than by phishing, a reminder that timely patching belongs alongside the people-focused controls discussed below. And the bad news doesn't end there: 67 percent of CISOs and CIOs believe their companies are more likely to fall victim to a cyber-attack or data breach in 2018 than in 2017.
So, what is the answer? The new security paradigm for healthcare providers requires a layered approach to risk management, with integrated and adaptive security solutions, controls and defenses, to combat ransomware and other forms of malware.
Below are five key steps risk management professionals can take to build discipline in preventing, detecting and responding to ransomware, the most common form of malware attack.
- EDUCATE – A good ransomware prevention strategy starts with security awareness training for all employees. Phishing exploits human susceptibility, and in one survey 59 percent of hackers named phishing as the most effective route to data exfiltration. Employees must be empowered to recognize and report phishing attempts so that this attack vector is thwarted early and the organization builds a collective defense.
Special attention should be paid to high-risk employees who are more likely to be targeted by email phishing campaigns. These typically include customer service and call center staff, and anyone who handles or has access to sensitive company information.
- PROTECT – In today's threat landscape, healthcare organizations must take a layered approach to building robust defenses. Good spam and email filtering goes a long way toward keeping malicious messages off the network, and anti-phishing controls should be deployed at the email gateway for added protection. Endpoint anti-ransomware agents can also detect encryption behavior and block the malware before it executes on critical systems. And to limit lateral spread, segmenting the data center environment from the employee user environment provides far better containment than a flat network architecture.
- DETECT – It's not a matter of if, but when. Applying intrusion detection to email servers, combined with threat intelligence that can detect and block malware in real time at the network edge, helps thwart ransomware attacks and reduce exposure. Some network security providers blocked WannaCry at the edge through proprietary threat intelligence, keeping healthcare customers out of the international spotlight and, more importantly, protecting their patients, critical infrastructure and systems.
- TEST – No matter what security defenses you have in place, about 10 percent of employees will still click on a phishing email. For large healthcare organizations, that statistic is cause for grave concern. Hiring a third party to run simulated phishing campaigns against your employees reveals your organization's susceptibility, its "click rate", and feeds directly into cybersecurity training. Testing can also provide deeper analytics: which users hovered over a malicious link, whether data was entered, and whether sensitive data was submitted, among other actionable reporting metrics.
- BACK UP – In the worst case, where ransomware cannot be prevented, detected or stopped from spreading across the infrastructure, backups of critical data are your best recovery option. This makes data inventory and data classification essential, so the organization knows which data matters most and must be protected against business-threatening downtime and paralyzed systems. Also, keep backups offline and segmented from production environments so that ransomware cannot corrupt the backup copies and hold them hostage too; a backup that the infected host can write to is not a backup.
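The DETECT step above says anti-ransomware tooling can recognize encryption activity, but not what that looks like in practice. The following is an added example, not code from the original post or from CenturyLink: a small sliding-window heuristic that consumes file-system change events (a constructed pipe-delimited format, assumed here for illustration) and raises an alert when one user on one host renames more than a threshold number of files to a new extension within a short window, which is the signature mass-encryption leaves behind. The event format, the window and the threshold are all assumptions to be tuned against an environment's own baseline.

```python
"""Sliding-window heuristic for mass file-rename (encryption) activity.

Added example; the log format and thresholds are constructed for
illustration and are not taken from any product or from the post.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
import os

# Hypothetical defaults: 50 extension-changing renames by one user on one
# host inside 60 seconds. Tune against real baselines (build servers and
# document conversion jobs can be noisy).
WINDOW_SECONDS = 60.0
RENAME_THRESHOLD = 50


@dataclass(frozen=True)
class FileEvent:
    ts: float          # epoch seconds
    host: str
    user: str
    op: str            # "rename", "write", "create", ...
    old_path: str      # path before a rename; empty for other ops
    path: str          # path after the operation


def parse_event(line):
    """Parse one constructed log line: ts|host|user|op|old_path|path."""
    ts, host, user, op, old_path, path = line.rstrip("\n").split("|")
    return FileEvent(float(ts), host, user, op, old_path, path)


def extension_changed(ev):
    """True only for renames whose file extension changed (e.g. .docx -> .locked)."""
    if ev.op != "rename" or not ev.old_path:
        return False
    old_ext = os.path.splitext(ev.old_path)[1].lower()
    new_ext = os.path.splitext(ev.path)[1].lower()
    return old_ext != new_ext


class RansomwareDetector:
    def __init__(self, window=WINDOW_SECONDS, threshold=RENAME_THRESHOLD):
        self.window = window
        self.threshold = threshold
        # (host, user) -> deque of (timestamp, new_extension) inside the window
        self._recent = defaultdict(deque)
        self.alerts = []

    def feed(self, ev):
        """Consume one event; return an alert dict if the threshold is crossed."""
        if not extension_changed(ev):
            return None
        q = self._recent[(ev.host, ev.user)]
        q.append((ev.ts, os.path.splitext(ev.path)[1].lower()))
        # Drop events that have aged out of the window.
        while q and ev.ts - q[0][0] > self.window:
            q.popleft()
        if len(q) >= self.threshold:
            alert = {
                "host": ev.host,
                "user": ev.user,
                "count": len(q),
                "window_start": q[0][0],
                "extensions": sorted({ext for _, ext in q}),
            }
            self.alerts.append(alert)
            q.clear()  # one burst produces one alert, not one per event
            return alert
        return None


def scan(lines, window=WINDOW_SECONDS, threshold=RENAME_THRESHOLD):
    """Run the detector over an iterable of log lines and return all alerts."""
    det = RansomwareDetector(window, threshold)
    for line in lines:
        det.feed(parse_event(line))
    return det.alerts


def sample_log():
    """Constructed events: a few benign renames, then a 60-file burst."""
    lines = []
    # alice finishes five drafts over 100 seconds: normal work, not a burst.
    for i in range(5):
        lines.append(f"{1000 + i * 20}|ws-01|alice|rename|/share/draft{i}.tmp|/share/draft{i}.docx")
    # bob's workstation renames 60 records to .locked in 30 seconds and
    # drops a note; the "write" event is ignored by the rename heuristic.
    for i in range(60):
        lines.append(f"{2000 + i * 0.5}|ws-02|bob|rename|/share/patient{i}.docx|/share/patient{i}.docx.locked")
    lines.append("2010.0|ws-02|bob|write||/share/README_DECRYPT.txt")
    return lines


if __name__ == "__main__":
    for a in scan(sample_log()):
        print(f"ALERT host={a['host']} user={a['user']} renames={a['count']} exts={a['extensions']}")
```

Keying on (host, user) rather than host alone keeps a shared file server from tripping on the aggregate of many users' ordinary activity, and clearing the window after an alert stops a single outbreak from flooding the SOC with one alert per file. In production the same heuristic would sit behind an EDR agent or a file-server audit feed, and an alert should trigger host isolation rather than just a log line.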
The bottom line: healthcare organizations must execute a layered approach to risk management, with robust security controls aligned to every digital transformation initiative. Security cannot be an afterthought. And with 78 percent of healthcare providers having experienced a ransomware or malware attack in the past 12 months, the time to build those layers is now.
To learn how CenturyLink is helping healthcare organizations combat today’s sophisticated cyber threats, visit us at HIMSS 2018, booth 1469.