The Rise of Malware in Healthcare — and 5 Ways to Keep Threats at Bay

Script-based malware is on the rise and, in 2017, it and other cyberthreats hit the healthcare sector hard. In fact, a recent McAfee Labs Threat Report, found that healthcare organizations were hit the hardest in the second quarter of 2017. For the first time, attacks on the health sector in Q2 surpassed the previous leader, the public sector, thanks to a 67 percent increase in malware.

Healthcare accounted for more than 26 percent of the 52 million new cyber incidents in the second quarter of 2017, the McAfee report found. And while the majority of these attacks were because of human error or accidental disclosures, it’s not likely that the threats will slow anytime soon.

“Whether physical or digital, data breaches in healthcare highlight the value of the sensitive personal information organizations in the sector possess,” Vincent Weafer, vice president for McAfee Labs, said in a press release. “They also reinforce the need for stronger corporate security policies that work to ensure the safe handling of that information.”

Ransomware attacks on hospitals, such as WannaCry and NotPetya, are on the rise, and are threatening the safety and well-being of patients that are affected. It’s important to note that even if attackers don’t end up obtaining the ransom, the attacks are still causing major damage to healthcare organizations.

“It has been claimed that these ransomware campaigns were unsuccessful due to the amount of money made,” said Raj Samani, chief scientist for McAfee, in the release. “However, it is just as likely that the motivation of WannaCry and NotPetya was not to make money but something else. If the motive was disruption then both campaigns were incredibly effective. We now live in a world in which the motive behind ransomware includes more than simply making money. Welcome to the world of pseudo-ransomware.”

5 Best Practices to Keep Healthcare Networks Safe

So, with more cyberattacks likely on the horizon for the healthcare community, how can IT leaders and teams protect their systems from potential worms aside from keeping patches and systems up to date? Here are five ways to keep cyberthreats at bay:

1. Back up files: Files should be backed up and ready to be restored in the event that organizations are locked out of their systems and their data is held for ransom. Be sure to also verify your network restore procedures.

2. Educate users and monitor email threats: “Like other malware, ransomware often infects a system through phishing attacks using email attachments, downloads, and cross-scripting web browsing,” the report points out. If healthcare staff are aware of what phishing emails might look like, they are less likely to invite potential dangers. Further, IT teams can filter email content to reduce the likelihood a phishing attack will even make it to an inbox. Reduce risk by setting up a sandboxing solution, which moves a program to another environment to isolate potential security issues, to analyze potential threats from email attachments.

3. Restrict code execution: “Ransomware is often designed to run under well-known operating system folders. If it cannot reach these folders due to access control, it can block data encryption,” the report states.

4. Beware of administrative and system access: A few types of ransomware call on default accounts to perform operations, something that IT teams can help protect against by “renaming default user accounts and disabling all unnecessary privileged and nonprivileged accounts,” according to the report. Moreover, teams can stop ransomware from running on a local system or spreading by removing local administrative rights, which would grant it access to any critical systems.

5. Play permissions close to the vest: “Consider restricting user-write capabilities, preventing execution from user directories, whitelisting applications and limiting access to network storage or shares,” the report notes, adding that some kinds of ransomware rely on a set file path in order to infect a system and encrypt data. Limiting permissions to a “small number of directories” and removing execution permissions to these directories can cut off these paths. Additionally, the report recommends requiring a login at shared resources, like network folders.