Home  |   Subscribe  |   Resources  |   Reprints  |   Writers' Guidelines

Web Exclusive

How to Combat Ransomware
By Harish Pai

In a devastating attack this May, ransomware hijacked the National Health Service in the United Kingdom, with staff getting locked out of their computers and hospitals being forced to send away patients and reroute ambulances. And this June, it was reported that US hospitals were hit by a global ransomware attack. In fact, 72% of all malware attacks on the health care sector last year were executed through ransomware.

So how do such crippling ransomware cyberattacks occur? Mainly through encrypting or blocking access to computer files and servers until a demanded ransom is paid. And in today's interconnected world, health care systems are especially vulnerable since their networks are rarely offline. Hackers looking for patient data on the cloud need only to exploit a single vulnerability on a network to compromise millions of patient records. In addition, health care data are intensely personal and are accompanied by crucial financial information. With sensitive patient data being at stake, ransomware attacks not only affect the reputations and finances of health care organizations but also risk lives.

How Can Health Care Organizations Bolster Their Defenses?
To prevent such ransomware attacks and soften their impact, health care organizations must ensure end-to-end encryption and security of their patients' data on all devices, 24/7.

Simple first steps include ensuring that all systems are backed up. Keeping a "gold image" of systems and configurations can be critical to business continuity. In case of a malicious attack leading to a lockdown, hospitals would still have the data they need. This should be accompanied by regular patch management and updates.

Amid such solutions, new technology solutions can also come to the rescue—in addition to traditional approaches—that can fortify defense frameworks. For instance, health care organizations can now proactively deploy predictive analytics to check medical and credit reports for evidence of fraudulent activity. Similarly, they can implement security solutions to provide a safeguard against bots or artificial intelligence-based malware, or use threat intelligence solutions.

In addition, they need to employ systems designed and built with "high availability," or the capacity and assurance of almost 100% operability. Also, implementing real-time synchronization of data and files backed up to the cloud can ensure that complete, reliable copies exist in an alternative safe space, in case of a breach of storage systems.

Most important, health care institutions need to invest in added layers of security protection to cover endpoint protection and encryption, firewall inspection and prevention, organizationwide safeguards for mobile device management, and wireless intrusion prevention. They can also enable strong spam filters to prevent phishing e-mails from reaching end users and to authenticate inbound e-mail using technologies such as Sender Policy Framework, Domain Message Authentication Reporting and Conformance, and DomainKeys Identified Mail.

Finally, the most crucial links in the chain are those who work with all these health care data. That's why training health care staff in safety measures while using communication tools is vital. For example, health care practitioners must be trained to ignore e-mails from dubious sources, protecting them from phishing scams that could infect the whole network through just one computer.

When Ransomware Strikes
In the unfortunate case that a ransomware attack occurs, organizations can take the following quick recovery measures:

• Infected systems and computers must be immediately isolated to stop the malware from spreading. Affected devices that haven't been completely corrupted must be swiftly turned off to recover data and contain damage.

• Backed-up data or systems need to be secured by taking them offline. Along with this, online accounts and network passwords across the organization must be changed after securely removing the infected system from the network.

• Registry values and files must be deleted to stop malware programs from loading.

As cybersecurity continues to develop, so do new versions of malware. But we need not fear being held to ransom. The advances in technology that have enabled the health care industry can only contribute more benefits. Being proactive in plugging potential leaks can mitigate risks while we continue to use new technologies to draw value from in-depth data, better connectivity, and mobility solutions. With stronger awareness and education across all levels of the health care industry, investment in the right technology solutions, and vigilance, organizations can be better guarded against ransomware.

In addition, the health care industry can collectively adopt unified standards and security procedures, with protocols for preventing and recovering from ransomware attacks. Such standards on data protection can be based on HIPAA compliance.

— Harish Pai is a senior vice president and the chief technology officer for business technology solutions at Infinite Computer Solutions. He is responsible for technology, centers of excellence, architecture, and business solutions. Over the last 22 years, Pai has worked with global technology companies and system integrators including Microsoft, Satyam Computers, and NIIT. Pai comes with a strong background in technology consulting, conceptualizing IT solutions to business issues with experience in health care, insurance, manufacturing, retail, and the public sector. Pai has extensive background of transformational offshoring/outsourcing and services delivery across application development and maintenance, production support, quality assurance, infrastructure management, and legacy modernization.