Aug 04 2021

How to Secure Healthcare Organizations Against Ransomware Attacks

Phishing, unpatched apps and outdated operating systems put healthcare organizations at risk. A thorough threat prevention strategy is the best defense.

Ransomware attacks are on the rise, recently leading the White House to release a memo outlining security best practices. Healthcare organizations are faced with a threat that is not only growing, but also becoming more complex to deal with, at a time when attack surfaces are expanding and malicious actors are becoming savvier in targeting their victims.

Matt Selheimer, senior vice president of marketing for the business solutions group at Bitdefender, and Alina Draganescu, the company’s vice president of strategic initiatives, explain that ransomware is one of the most prevalent attacks against healthcare organizations and hospitals, alongside phishing attacks and credential theft. Prevention is critical to a successful security posture.

Ransomware Methods and Security Solutions

“This is a complex topic, and there are some obvious initial first steps to highlight,” Draganescu says. “We recommend a comprehensive, deliberate approach against ransomware, and the first steps are related to the most common attack vectors.”

Ransomware attacks often are driven by phishing email campaigns, unpatched apps and outdated operating systems.

“When we talk about becoming more resilient against ransomware, it’s important to first limit the probability of an attack by ensuring apps and operating systems are always up to date,” she says. “That helps IT professionals reduce the attack surface — especially if automated patching can be done, because that improves the speed of removing exploitable vulnerabilities and makes IT people’s lives easier. But there’s no one solution, so deploying multilayered endpoint protection is important because it will help healthcare organizations disrupt a potential attack chain in multiple ways and at different steps.”

It’s important to identify system misconfigurations that unintentionally expose organizations to risk, Draganescu notes, adding that there are solutions available to identify such misconfigurations and quickly fix them.

Nevertheless, in many cases, user behavior is the initial point of compromise, so educating staff to spot phishing emails and rolling out security awareness campaigns will help reduce the ransomware risk.

“We also recommend security awareness campaigns on a continuous basis — it’s not a one-and-done situation. Deploying an email-specific solution as part of the overall security strategy, identifying the most sensitive and most important data to secure, and conducting frequent backups for those valuable assets are also critical,” Draganescu says.

Selheimer adds that ransomware actors are growing more sophisticated about social engineering, looking for people with elevated credentials or access to company data and targeting them specifically.

“They’ve gotten more sophisticated about emails. It’s hard to spot them, so a blame-the-user attitude is not good,” he says. “It’s wrong to assume the people who click on these links are not smart. So, continuous training and internal phishing attempts — I’ve been phished by my own IT team in more than one company — is a really good practice to educate them. If someone clicks on a false malicious link, that becomes an opportunity not to blame, but to educate further.”

Draganescu notes that healthcare organizations face multiple challenges when it comes to addressing the ransomware threat. That includes balancing privacy, budgets and security skills.

“It’s a challenge to find the solution that provides the highest level of protection, complies with regulations and data privacy, stays under budget and can be managed by the current team,” she says. 

Another complicating factor, most recently accelerated by the pandemic, is the rapid adoption of cloud technology and virtual care platforms.

“Many organizations think that somehow the cloud is inherently more secure. In the early days of cloud that may have been somewhat true, as malicious actors could identify a specific healthcare organization’s IP address range to target their traditional IT infrastructure, and the cloud provided a greater degree of anonymity,” Draganescu says.

“But now, with attackers using more automation and going after IP ranges at speed, they can leverage both ‘spray and pray’ methods — which can inadvertently hit a healthcare organization’s cloud systems — or they can rely on IP address lookups to continue to go after IP ranges assigned to companies,” she adds. “The bottom line is, the more computing environments you are using, including cloud providers and apps, the more you are increasing your attack surface. That means your IT and security teams have more work to do to harden and monitor that surface.”

The Importance of Prevention in Healthcare Security

Draganescu says healthcare organizations need a holistic, comprehensive and proactive approach to defend against ransomware, with the goal of becoming cyber-resilient to limit any damage.

“As we see in healthcare, the best medicine is prevention, and this is also valid in security. Deploying adaptive, machine learning–based defenses is highly recommended — that’s something we’ve worked to pioneer,” she says. “In healthcare, you take a medical history from a patient, do bloodwork to identify areas of concern, and come up with a proactive plan that may involve medication or diet and exercise to avoid or reduce future risks, such as a heart attack. Machine learning–based defenses provide the ability to do that all at once in the moment of an attack. They recognize what’s happening and execute the necessary prescription to block or remediate it.”

Draganescu explains that adaptive defenses such as these can help stop attacks early in the kill chain, while other technologies, such as sandbox analyzers, can prevent programs from being executed until they have been confirmed as not malicious, which can make a huge difference in the fight against ransomware.

“We know prevention is not 100 percent effective,” she adds. “So, just like you have an emergency room for detection and response to medical cases that couldn’t be prevented, healthcare organizations also need detection and response capabilities to identify suspicious cyberactivities or spot compromises on the endpoint.”

Those capabilities come in the form of endpoint detection and response tools that take automated response actions and support incident investigation for security analysts. But many midsized and smaller organizations don’t have dedicated security staff for this.

Selheimer notes that while healthcare organizations generally have a lot invested in technology, they don’t typically invest in IT or security staff to the extent they should. However, managed security service providers and managed detection and response providers can assist here by extending the healthcare organization’s skill set and providing 24/7 monitoring when an organization cannot do this on its own.

“It’s generally more cost-effective to partner with someone who specializes in this field,” he says. “That’s also a practical challenge. If your organization is located outside of a major city, there’s a lack of security specialists. It’s hard even within major cities because there are many more jobs than there are qualified security analysts to fill them.”
