Healthcare News & Insights

How hospitals can prevent and respond to ransomware attacks

Ransomware attackers have focused on the healthcare industry as their target du jour. The attacks are hard to prevent and costly. In this guest post, Rick Clark, corporate security director for a provider of accounts receivable management and revenue recovery solutions for the healthcare industry, reveals how hospitals can protect themselves.


Over the past few years, ransomware attacks have continually appeared in the headlines, with healthcare networks and providers becoming primary targets. This type of cybercrime continues to operate as a global menace, especially as cyber-hygiene continues to be a growing concern while the COVID-19 pandemic sweeps the globe. According to recent industry reports, ransomware damages could cost the world as much as $20 billion by 2021.

These attacks are difficult to prevent, and the aftereffects can be costly. Cybercriminals are continually evolving their strategy and demanding more substantial payouts from small and midsize providers. These providers often have less sophisticated IT systems and a lack of corrective resources, making them particularly vulnerable to attacks and more willing to pay a ransom to recover patient information. However, in today’s uncertain times, paying the ransom is an expense many can’t consider.

To respond effectively to this threat, you must act now to become less vulnerable to attacks and better prepared for them. To do that you need to start with the basics: what ransomware is, how it works, and how providers typically respond.

Brief overview

Ransomware is a specific type of malware that locks healthcare providers and other organizations out of their data, files, and financial records. Cybercriminals then demand a ransom in exchange for restoring the victim’s access.

Malware can enter a system in a variety of ways, but it most commonly infiltrates through phishing emails that contain embedded links or attachments that seem innocuous. The attachments might not even carry the full ransomware code; they can simply instruct the system to download the code from an external website.

On average, workers receive over 120 emails every day. Healthcare agents’ heavy reliance on email – and the fact that one opened attachment is all it takes to compromise an entire network – makes healthcare providers’ odds of a ransomware incident particularly high.

Many providers assume paying the ransom will solve the problem. This is a reasonable assumption, but a mistaken one. Recent reports show fewer than a third of organizations that pay the ransom recover access to their data.

Tighten network security, prepare for the worst

Rather than waiting to be struck, you can better serve your organization by focusing on the three pillars of corporate cybersecurity – risk mitigation, early detection and emergency response – and on continued cyber-hygiene, even when working remotely.

Harden your network with new security protocols and tools – The first step to maximizing system security is restricting access to certain areas of the network. Rather than allowing every employee access to the entire system, provide specific privileges for different departments or even individuals based on their roles and responsibilities.

You’ll also want to install effective anti-malware and anti-virus software to prevent known threats from entering the IT environment. These tools will scan inbound emails for malicious code and flag agent and employee activity that may lead to malicious sites. During current times, it’s also essential that these tools can remotely protect the IT environment as more employees will be accessing the system from alternate locations. You should also add an incident response manager tool to your tech stack so you can quickly identify how and when the system has been compromised and see what changes were made to your system or data.

Create a comprehensive response plan – Your response plan should include the specific steps you’ll take in the event of an attack, starting with notifying law enforcement and asking for their help in determining your odds of recovering data. If you know the type of malicious code used, you may be able to get a decryption key from the FBI’s database if the code has been used before.

You’ll also need to conduct a full forensic analysis of your system and study what communications went out and what actions were deployed on the network. In this case, you’ll likely need an expert’s assistance. Find a company that specializes in forensic analysis, and get them on retainer. Negotiating service fees now, while you’re not under duress, will lower your costs significantly.

Follow up with extensive testing to pinpoint any security gaps and vulnerabilities so you can address them immediately and further reduce your risk. Lean on your forensics partner for assistance with performing a tabletop exercise, and leverage their experience by having them walk you through a ransomware scenario.

Make preparedness and response planning a priority … today

Ransomware attacks are a serious concern for healthcare providers, especially as various other concerns are top of mind in today’s landscape. Safeguarding the personal and financial patient data they’re entrusted with is an ethical and legal imperative. From a business standpoint, it may also be a matter of survival.

Don’t wait for an attack to occur. Start making plans, establishing policies, and securing your network right away so you can limit your exposure and minimize the impact of ransomware on your operations and the patients you serve.

Rick Clark is the corporate security director at Ontario Systems, provider of accounts receivable management and revenue recovery solutions for the collection industry, healthcare providers and financial services.

