Ransomware attacks are a specific kind of hacking where the attacker locks access to a networked computer system until they’re paid a ransom. Typically, what happens is that a piece of malware is sent to a network in the form of a phishing attack. When the malware is activated, either by opening an infected email, text, or SMS, it locks everyone out of the system until the attacker is paid.
These attacks are a growing favorite of hackers. In 2019, 205,000 businesses were targeted, a 41% increase over 2018. This means that every 14 seconds, a business becomes a victim of ransomware.
The preferred malware for these attacks shifts every few years:
- 2013 – 2016: CryptoLocker and CryptoWall.
- 2017: WannaCry and SamSam.
- Late 2018 – present: GandCrab and Ryuk.
Each of these attacks uses a slightly different method to lock out systems, but they all have one thing in common: they all target known exploits that haven’t been patched.
Who gets targeted by ransomware?
Hackers use ransomware attacks to target businesses of all sizes in all sectors, from startups to enterprises. These attacks are so widespread that 5% of businesses in the top 10 industry sectors have been affected.
Part of the reason for this is that ransomware attacks are easy to initiate. Most of the time, they’re delivered via email, so it’s easy to reach a massive amount of people at once. From there, it’s just a matter of waiting until someone opens the email.
There are two types of cases we tend to hear about more than others. The first are high-profile cases like attacks on major cities. In 2018, for example, the city of Atlanta was targeted by ransomware. Hackers demanded $52,000 in Bitcoin. The city refused to pay the ransom, and fixing the problem set them back a staggering $17 million.
A year later, the city of Baltimore was locked out of its systems for more than a month. Like Atlanta, Baltimore didn’t pay the $75,000 in bitcoin and, as a result, the attack cost them more than $18 million to fix.
As if crippling a city’s infrastructure isn’t bad enough, the ultimate target for ransomware attacks is healthcare providers.
Why healthcare providers get targeted by ransomware
The big reason healthcare providers get targeted is the sheer value (and massive amount!) of data it collects and stores. The healthcare system is filled with confidential information about people, including credit card data, insurance information, specific health problems, and more. If this data were to be stolen, it could lead to massive credit card fraud or identity theft, for example.
To add to the importance of this data, it’s highly regulated and covered by the Health Insurance Portability and Accountability Act (HIPAA), which requires all personal healthcare information to be as secure as possible. Losing a person’s data means huge fines for hospitals and healthcare providers, ranging from $100 -$5,000 per patient.
Along with the high value of their data comes another problem. Healthcare providers tend to have bad, or at least outdated, security. A lot of healthcare systems were designed and implemented so long ago; some of them still run on Windows XP, which is no longer supported by Microsoft. When you add that to the fact that healthcare IT folks are stretched pretty thin, security holes can go unnoticed for longer than they should.
And finally, ransomware attacks almost always rely on people being careless and either opening the wrong file or clicking on a bad link. The hectic nature of healthcare means people aren’t always paying as much attention as possible when they’re reading email, especially now during the COVID-19 pandemic. Hackers know this. When people are distracted, they’re more likely to open links they wouldn’t otherwise notice.
What you can do to prevent ransomware attacks
The best way to deal with ransomware attacks is to have systems that prevent them from happening in the first place. Because even if you do have a system in place where you could restore everything from backups if you’re targeted, it’s still going to be expensive, as Atlanta and Baltimore showed us.
The goal with your security efforts should be a system that you can not only optimize but also monitor in a way that provides full visibility at all times and that lets you easily make sense of the data.
Let’s take a closer look at what you can do to prevent ransomware attacks from happening.
IT security education and training
This is a big one. Human error is behind upwards of 90% of data breaches. Sometimes it’s the result of poor passwords, but it’s largely a lack of security awareness that causes this to happen.
When employees don’t know what a suspicious email looks like, they’re more likely to click a link or download an attachment. In the healthcare world, in the middle of a pandemic, there are many distracted people out there who, whether they mean to or not, are falling for phishing attempts.
To stop this from happening, you need a robust cybersecurity awareness program. This should include providing employees with general security education, running security drills by sending fake phishing emails, reminding staff to change passwords regularly, and sending notices about new threats as they’re discovered.
This is especially important with so many people working off-site. It’s easy to let your guard down when you’re working remotely because you are surrounded by people and things that can take your attention away from work. Something as innocent as going to the bathroom while working at a coffee shop can lead to a data breach.
Top-notch security protocol
Good security goes a long way.
We mentioned already how most healthcare providers tend to run outdated systems and that they’re often too busy just keeping these systems running to worry overly much about security. Good network security won’t help solve this problem, but it will add an extra layer of protection to prevent ransomware attacks.
First, make sure you’re running an enterprise-grade antivirus tool and that your virus definitions are always up to date. Advanced threat protection can be used to support your antivirus tool and should catch things the antivirus misses, like safeguarding against harmful links in real-time.
Access control is also a huge part of keeping your system safe. Even if attackers compromise a user, if you have access control in place, it limits the amount of exposed data. Geo-fencing and IP-based location access further increase security by restricting access to critical systems when employees aren’t at work. Filtering out location data on devices can prevent hackers from tracking employees on their way to work or from determining who employees are, even.
If you can, implement an AI or machine learning system that can monitor your systems. This setup will crawl your networks and tag or flag any suspicious-looking code or unusual network activities. This gives you 24/7 coverage that provides protection long after the IT team has gone home for the night. The last thing you want is to show up for work in the morning to find out a hacker accessed the system while you were eating dinner.
Finally, common sense IT security measures go a long way. Limit admin rights, leverage multifactor authentication, and if employees are working remotely, use a VPN. Even at the enterprise level, the fundamentals can cover your exposure.
Good Backup and Disaster Recovery (BDR) protocol
As great as it would be to never have to use your Backup and Disaster Recovery (BDR) plan, not having one is almost worse than getting hacked in the first place.
Disaster recovery involves tactics like having up to date backups and creating a plan to use those backups should you fall victim to ransomware. If you get hacked, you can restore to the last backup point before the attack occurred. It’s still going to be costly to reset your entire system, but it’ll cost you more if you don’t have a BDR in place at all.
Managed Security Services Providers (MSSPs)
If you’re simply too busy to deal with all of the above suggestions on your own, managed IT services is the way to go.
MSSPs help you by taking care of all the details for your IT security program, from auditing to 24/7 monitoring. MSSPs provide customized security solutions that are tailored to your specific business. Along with 24/7 network security monitoring, you can get regular security audits and testing, identity and access management, security alerts, and business continuity planning. MSSPs can also help provide training for your staff to ensure they’re up to date on current threats and scams, as well as ensuring you’re compliant with regulations like HIPAA.
What’s nice about MSSPs is that they give you complete coverage without putting the burden on internal IT teams. And, with the right MSSP, you don’t have to commit to a lengthy contract. You get everything you need for a single monthly payment.
What happens when you’re targeted by ransomware?
Simply put, when you fall for a ransomware attack, you get locked out of your system and have two choices: pay the ransom or lose everything.
On a bigger scale, you expose incredibly sensitive patient information that leaves you open to massive compliance violations. To add to this, regulations are changing to make it illegal to pay the ransom.
This means that if you don’t have a good BDR in place, you’re in trouble. The IT team has dropped the ball in a major way, and you’re dead in the water.
If you’re targeted, the first thing you’ll need to do is isolate EVERYTHING (computers, endpoints, etc.) that’s been infected. Ideally, you’ve got enough access control in place to limit the damage, but if you disconnect everything immediately, you can limit the spread of the infection. If you’re not sure what’s been infected, unplug, and disconnect everything that’s connected to the network. The more you can limit the spread of the infection through your systems, the better off you’ll be.
Next, access your emergency backups and restore the compromised data.
Having a disaster response team to scan and verify that your systems are clear after you’ve restored them is a great idea, as well, as it ensures that you didn’t miss anything.
There’s very little room for error when it comes to healthcare cybersecurity. Compliance and regulations mean that you have to do your best to prevent an attack and, if something should happen, you need to be ready to deal with it fast.
But, being able to do it all in healthcare is hard. IT teams are already managing outdated, complex systems that require all their time just to keep them running normally. Monitoring and preventing ransomware attacks requires specialized knowledge and tools they often don’t have. The good news is you can get help. We mentioned that MSSPs (like us) could help you by providing 24/7 monitoring and prevention. We can also help with disaster preparedness and recovery plans, employee education, and patching and updating vulnerable systems.
If you want to find out more about how we can help, contact us today.