Ransomware best practices for healthcare providers

Chris Nerney, Contributing Writer

As ransomware attacks on hospitals, private practices and health insurers continue to proliferate, providers and other healthcare stakeholders are under increasing pressure to secure patient medical, personal and financial data.
Ransomware typically enters a network through spam and phishing messages, malicious or compromised websites, and email attachments. Once a user clicks a malicious link or opens an infected attachment, the ransomware encrypts the files on that computer, and on any network shares it can reach, so that authorized users can no longer access them. The attacker then demands a ransom, usually in a digital currency such as Bitcoin to preserve anonymity, in return for the decryption key. In the worst case, a provider pays the ransom and the attackers never deliver a working key.
The U.S. Department of Health and Human Services (HHS) recently updated its HIPAA guidance on ransomware, urging healthcare organizations to implement security measures that include risk analysis and remediation, tools and procedures to detect and block malicious software, and tighter access control over electronic patient data.
In a recent blog post titled “10 Things to Know About Ransomware,” Shiv Ganapathy of Spirent SecurityLabs offers a primer on types of ransomware, how files become infected, and the impact of a successful ransomware attack. At the end of the post, Ganapathy lists a number of best practices to protect against ransomware, including:
Frequent vulnerability scanning and penetration testing of external and internal networks, devices, and web applications to identify security holes or any known vulnerabilities.
Patches and updates to operating systems, antivirus software, browsers, Adobe Flash Player, QuickTime, Java, and other applications.
Raise awareness among users regarding attachments from unknown or suspicious email sources.
Keep anti-virus software current and scan all software downloaded from the internet prior to executing it.
Restrict permissions to prevent installation and execution of unauthorized software applications.
Create a data backup and recovery plan, routinely back up servers, and consider backing up critical data using two different formats and an off-site backup.
Customize email/spam filter settings to block emails with suspicious attachments. If these emails can't reach healthcare employees, their dangerous payloads can't be activated.
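The last item, blocking suspicious attachments before they reach staff, is the one most easily turned into working code. The following is an added example written for this page, not code from the article or from Spirent's post. It parses a mail message with Python's standard `email` library and flags attachments a healthcare mail gateway would want to quarantine: executable and script extensions, double extensions such as "invoice.pdf.exe", macro-enabled Office documents, and files whose leading bytes contradict the extension they claim. The extension lists and the sample message are constructed assumptions, not a complete blocklist or real traffic.

```python
"""Mail-gateway attachment filter (added example, not from the original
article).  Parses an RFC 5322 message and returns, per attachment, the
reasons it should be quarantined; an empty list means allow."""
import email
import os
from email import policy
from email.message import EmailMessage

# Illustrative assumptions: a real gateway would maintain longer lists.
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse",
    ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".jar", ".lnk", ".iso",
}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
# Document types an attacker hides behind in a double extension.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
# Magic-byte prefixes for the file types this filter knows about.
MAGIC = {
    b"MZ": "pe-executable",        # Windows PE header
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",          # also OOXML (docx/xlsx/docm) containers
    b"\xd0\xcf\x11\xe0": "ole",    # legacy Office (doc/xls)
}


def sniff(data: bytes) -> str:
    """Identify content by its leading bytes, ignoring the filename."""
    for prefix, kind in MAGIC.items():
        if data.startswith(prefix):
            return kind
    return "unknown"


def classify_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons to block this attachment (empty list = allow)."""
    reasons = []
    root, ext = os.path.splitext(filename.lower())
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked extension {ext}")
    if ext in MACRO_EXTENSIONS:
        reasons.append(f"macro-enabled Office document {ext}")
    # "report.pdf.exe": the visible .pdf hides the real .exe behind it
    if os.path.splitext(root)[1] in DECOY_EXTENSIONS:
        reasons.append("double extension")
    kind = sniff(data)
    if kind == "pe-executable" and ext not in BLOCKED_EXTENSIONS:
        reasons.append(f"PE executable disguised as {ext or 'no extension'}")
    if ext == ".pdf" and kind != "pdf":
        reasons.append("content does not match .pdf extension")
    return reasons


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each attachment filename in a raw message to its block reasons."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        findings[filename] = classify_attachment(filename, payload)
    return findings


def build_sample_message() -> bytes:
    """Constructed sample: one benign PDF, a double-extension executable,
    an executable renamed to .pdf, and a macro-enabled Word document."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "records@hospital.example.invalid"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4\n%constructed pdf body\n",
                       maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60,
                       maintype="application", subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60,
                       maintype="application", subtype="pdf", filename="statement.pdf")
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 26,
                       maintype="application", subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="claims.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample_message()).items():
        verdict = "QUARANTINE" if reasons else "allow"
        print(f"{verdict:10} {name}: {', '.join(reasons) or 'clean'}")
```

The point of checking magic bytes alongside the extension is that a filter keyed only on filenames is defeated by renaming `payload.exe` to `statement.pdf`; a filter keyed only on content misses `invoice.pdf.exe`, which Windows will happily execute. A production gateway would also open archives and apply the same checks to their contents.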
You can read all of Ganapathy's post here.