“We also recommend security awareness campaigns on a continuous basis — it’s not a one-and-done situation. Deploying an email-specific solution as part of the overall security strategy, identifying the most sensitive and most important data to secure, and conducting frequent backups for those valuable assets are also critical,” Draganescu says.
Selheimer adds that ransomware actors are growing more sophisticated about social engineering, looking for people with elevated credentials or access to company data and targeting them specifically.
“They’ve gotten more sophisticated about emails. It’s hard to spot them, so a blame-the-user attitude is not good,” he says. “It’s wrong to assume the people who click on these links are not smart. So, continuous training and internal phishing attempts — I’ve been phished by my own IT team in more than one company — is a really good practice to educate them. If someone clicks on a false malicious link, that becomes an opportunity not to blame, but to educate further.”
Draganescu notes that healthcare organizations face multiple challenges when it comes to addressing the ransomware threat. That includes balancing privacy, budgets and security skills.
“It’s a challenge to find the solution that provides the highest level of protection, complies with regulations and data privacy, stays under budget and can be managed by the current team,” she says.
Another complicating factor, most recently accelerated by the pandemic, is the rapid adoption of cloud technology and virtual care platforms.
“Many organizations think that somehow the cloud is inherently more secure. In the early days of cloud that may have been somewhat true, as malicious actors could identify a specific healthcare organization’s IP address range to target their traditional IT infrastructure, and the cloud provided a greater degree of anonymity,” Draganescu says.
“But now, with attackers using more automation and going after IP ranges at speed, they can leverage both ‘spray and pray’ methods — which can inadvertently hit a healthcare organization’s cloud systems — or they can rely on IP address lookups to continue to go after IP ranges assigned to companies,” she adds. “The bottom line is, the more computing environments you are using, including cloud providers and apps, the more you are increasing your attack surface. That means your IT and security teams have more work to do to harden and monitor that surface.”
The Importance of Prevention in Healthcare Security
Draganescu says healthcare organizations need a holistic, comprehensive and proactive approach to defend against ransomware, with the goal of becoming cyber-resilient to limit any damage.
“As we see in healthcare, the best medicine is prevention, and this is also valid in security. Deploying adaptive, machine learning–based defenses is highly recommended — that’s something we’ve worked to pioneer,” she says. “In healthcare, you take a medical history from a patient, do bloodwork to identify areas of concern, and come up with a proactive plan that may involve medication or diet and exercise to avoid or reduce future risks, such as a heart attack. Machine learning–based defenses provide the ability to do that all at once in the moment of an attack. They recognize what’s happening and execute the necessary prescription to block or remediate it.”
Draganescu explains that adaptive defenses such as these can help stop attacks early in the kill chain, while other technologies, such as sandbox analyzers, can prevent programs from being executed until they have been confirmed as not malicious, which can make a huge difference in the fight against ransomware.
“We know prevention is not 100 percent effective,” she adds. “So, just like you have an emergency room for detection and response to medical cases that couldn’t be prevented, healthcare organizations also need detection and response capabilities to identify suspicious cyberactivities or spot compromises on the endpoint.”
Those capabilities come in the form of endpoint detection and response tools that take automated response actions and support incident investigation for security analysts. But many midsized and smaller organizations don’t have dedicated security staff for this.
Selheimer notes that while healthcare organizations generally have a lot invested in technology, they don’t typically invest in IT or security staff to the extent they should. However, managed security service providers and managed detection and response providers can assist here by extending the healthcare organization’s skill set and providing 24/7 monitoring when an organization cannot do this on its own.
“It’s generally more cost-effective to partner with someone who specializes in this field,” he says. “That’s also a practical challenge. If your organization is located outside of a major city, there’s a lack of security specialists. It’s hard even within major cities because there are many more jobs than there are qualified security analysts to fill them.”