With the advent of ever-evolving cyberthreat vectors, such as the WannaCry worm and the ransomware attacks that are hitting hospitals at an increased rate, healthcare organizations are more vulnerable than ever to attack. But even as healthcare organization IT teams begin to tighten security, implement effective best practices and training, and bring in new suites of security software, every IT team should be prepared to fall victim to a ransomware attack at some point.
“Of course, you are going to try to prevent the infection. The problem is that the chances of preventing that infection aren’t always 100 percent,” Gartner Research Director Robert Rhame told attendees of the Commvault GO 2017 conference on Nov. 7, speaking at the session “Bounce Back from Ransomware and Destructive Malware.”
Rhame offers several tips on how organizations can effectively prepare their systems and teams to bounce back from a cyberattack that finds its way inside. Here are four that can best help organization IT teams prepare:
1. Form a Single Crisis Management Team
Once an attack is inside the system, it’s important to get all hands on deck to understand the threat, contain it and make decisions as to how to best come back from it, said Rhame.
By establishing this team beforehand, all members will be prepared for their part in combatting the attack — as long as they have the tools at hand to communicate.
“This means you’re going to require, most likely, out-of-band communications,” said Rhame. “If you don’t have email, how are you going to communicate? If you don’t have a [Microsoft] Exchange server and they don’t have you listed as a contact, how are they going to get your contact information?”
2. Set the Stage to Reduce the Ransomware’s Impact
Organizations should be prepared for ransomware to enter their IT systems and ensure that their IT infrastructures minimize the ransomware’s ability to run at its full capacity.
“You want to make sure that the ransomware’s chance of actually executing while it’s on a server or workstation are minimized. Or that its ability to get to a control structure is cut off,” said Rhame.
Organizations should also look to ensure that if one part of the organization gets hit, it doesn’t take out the rest of the systems.
“Essentially what you’re doing is trying to contain the attack,” said Rhame. “That comes with compartmentalization, minimizing your windows for loss.”
Implementing network segmentation or putting up firewalls between the user zone and the server zone can keep the ransomware contained, said Rhame.
“Basic compartmentalization is something that needs to be implemented. It basically prevents scanning, hookups, lots of things,” he said.
3. Set Up Modern Disaster Recovery Systems
Improving backup plans and system redundancy is a critical aspect of disaster recovery, but many organizations may not be fully prepared.
“A lot of the organizations I talk to set up disaster recovery back in the day when a disaster was an asteroid coming through the atmosphere and taking out the data centers,” said Rhame. “They have synchronous replication set up and … when something gets encrypted, everything gets replicated.”
To prevent this, healthcare organizations should take a look at their current disaster recovery systems and ensure they have the proper recovery techniques in place to keep data safe from ransomware attacks.
“You need to have set up snapshots or read-only aspects called journaling so that the content that’s being replicated can be stepped back in time as opposed to being a true copy,” said Rhame.
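The difference Rhame describes between a "true copy" and a replica that can be stepped back in time, as an added Python example that is not from the talk or from any product: the class names, `state_at`, the sample files and the `ENCRYPTED` marker (a stand-in for however responders identify the last good point) are all assumptions made for illustration.

```python
"""Constructed illustration: synchronous mirror vs. journaled replica."""
from dataclasses import dataclass, field


@dataclass
class MirrorReplica:
    """A 'true copy': every write overwrites the replica immediately."""
    files: dict = field(default_factory=dict)

    def replicate(self, path: str, data: bytes) -> None:
        self.files[path] = data


@dataclass
class JournaledReplica:
    """Append-only journal of writes; state can be rebuilt at any sequence number."""
    journal: list = field(default_factory=list)  # (seq, path, data), never rewritten

    def replicate(self, path: str, data: bytes) -> int:
        seq = len(self.journal) + 1
        self.journal.append((seq, path, data))
        return seq

    def state_at(self, seq: int) -> dict:
        """Replay the journal up to and including `seq`."""
        files = {}
        for s, path, data in self.journal:
            if s > seq:
                break
            files[path] = data
        return files


def simulate():
    mirror, journaled = MirrorReplica(), JournaledReplica()
    # Constructed sample data: two normal writes, then ransomware overwrites both files.
    writes = [
        ("chart_001.txt", b"patient record A"),
        ("chart_002.txt", b"patient record B"),
        ("chart_001.txt", b"\x8f\x1c\xe2ENCRYPTED"),
        ("chart_002.txt", b"\x03\xaa\x51ENCRYPTED"),
    ]
    last_good = 0
    for path, data in writes:
        mirror.replicate(path, data)
        seq = journaled.replicate(path, data)
        if b"ENCRYPTED" not in data:  # stand-in for the responder's choice of restore point
            last_good = seq
    return mirror.files, journaled.state_at(last_good), last_good
```

After the simulated attack the mirror holds only the encrypted versions, while replaying the journal up to the last good sequence number returns both original files.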
4. Patch Systems Frequently
For many organizations hit by WannaCry, the attack could have been prevented if they had installed a patch that Microsoft released nearly three months prior to the attack.
“There’s a lot of organizations that don’t patch very frequently,” said Rhame, adding that this allows cyberattackers to take advantage of vulnerable systems, whereas developing cyberthreats that can take advantage of up-to-date systems is a much more difficult task. “Keeping up-to-date with known, critical vulnerabilities is very important.”
While patching and ensuring that systems are up-to-date are particularly important to reducing a healthcare organization’s vulnerability to attack, leadership and IT teams need to realize that even these best practices may not keep them safe.
“No security tools are 100 percent, that’s what you’re up against, so you need to protect as if something will evade them,” said Rhame. “There is no silver bullet.”