Last month, a joint advisory released by the US Cybersecurity & Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) outlined an ongoing threat aimed at hospitals and other health care providers.
Security experts have identified one specific strain of ransomware aimed at stealing data, disrupting critical services, and extracting payments from health care organizations. Hospitals and medical centers in Oregon, Michigan, Wisconsin, New York, and Vermont have already been affected.
The ransomware strain, Ryuk, is hosted by a well-known international botnet called Trickbot. These two bad actors have evolved from their beginnings as simple viruses to now carrying out a variety of illegal activities, including password harvesting, network compromises, and data breaches.
Once cybercriminals have accessed networks or machines, they can use remote desktop protocols to access mapped drives and connected devices—all in the name of disabling security software and stealing useful information and then trying to obtain a ransom payment to return it.
And cybersecurity experts agree: all it takes is one business paying that ransom to convince hackers that they should keep chasing such illicit aims.
So how can you keep your business safe, whether it’s in the health care industry or not?
Cybersecurity experts outline five steps that can protect your company and prevent further ransomware attacks:
1. Back up your data.
The simplest way to prevent serious ransomware ramifications is to back up your company’s data regularly, remotely, and redundantly, thereby creating multiple copies of critical information that are stored in different cloud-based and physical locations. Without this simple step in place, hackers can easily bring a business to its knees, forcing it to consider paying a ransom to retrieve even just one critical file.
2. Implement a recovery plan.
With reliable data backups in place, the next step is a clear, easy-to-execute data recovery plan. That way, even a successful ransomware attack can be rebuffed—simply by restoring the data you already have saved in a non-affected location. By working with a trusted IT provider, you can outline this plan in advance, well before a serious issue affects your company. In the health care industry, this is particularly important because it allows for patient databases, medical records, and telehealth services to be restored quickly in the wake of any disaster (natural or manmade).
3. Strengthen network security.
Health care institutions have traditionally considered the safety and well-being of patients as priority number one. Using firewalls, smart remote desktop protocols, and multi-factor authentication can extend security to systems and devices—strengthening the protection of patient information while shoring up day-to-day business operations. The same is true for other industries, whether they are strictly regulated (like legal and financial businesses) or simply store client information (like retail and professional services) that could be compromised.
4. Deploy security patches and software updates.
One of the most critical ways to prevent a ransomware breach is to ensure machines and operating systems are always up to date. By working with a trusted IT provider, this process can be automated to run in the background, ensuring your computers stay safe and your employees don’t have their day-to-day work disrupted. Neglecting this can have serious consequences, too; the infamous WannaCry ransomware attack in 2018 took advantage of a known end-of-life vulnerability in Windows 7 that wasn’t addressed quickly enough.
5. Educate your employees.
Most ransomware strains target end-users, using cleverly spoofed emails to entice them into clicking malicious links or downloading infected attachments. If your staff understands that these attempts are inevitable, they can be trained to recognize ransomware attempts and phishing scams, which is the first step toward protecting critical business data. Once that knowledge is in place, ongoing training can help your business adapt to evolving threats and mitigate future vulnerabilities.
Cybersecurity threats will continue to evolve. But health care organizations and other critical industries need to take recent warnings seriously—especially amid an ongoing pandemic.
At CMIT Solutions, we understand the digital landscape’s shifting nature, and we work 24/7 to help our clients counter security threats that are becoming more invasive and dangerous. By protecting devices, systems, and records, we do our part to keep millions of North Americans safe from ransomware, data breaches, and network intrusions.
If you work in the health care industry and worry about the security of your information, contact CMIT Solutions today. Not in health care but equally concerned about other cybersecurity threats? CMIT can help. We defend your network, secure your data, and empower your staff to be more productive, all while keeping your business safe.