Cyber security isn’t a new issue within the healthcare industry. More stories come out every day of files being extracted from healthcare facilities, leading to possible HIPAA violations and reams of patient information falling into untrustworthy hands.
But a new, troubling trend is pushing to the forefront: Ransomware. According to this Quarterly Threat Report, 88% of all ransomware attacks targeted the healthcare industry in the second quarter of 2016. This has a huge affect on those in the health technology and health information management fields, because more and more precious data is being breached.
So what is ransomware, and what can healthcare facilities do to defend themselves against it?
Holding Files Hostage
Ransomware is a type of software that hacks into databases and encrypts the data, and then holds it ransom until the victim pays a sum of money. Targets of ransomware will often find themselves redirected to websites demanding payment in bitcoin, an untraceable form of digital currency.
This type of hacking is deeply insidious for a couple of reasons. First and most frighteningly, healthcare providers can’t access the encrypted information until the ransom is paid. This means patients’ healthcare information can be completely out of reach. A healthcare provider readying treatment for a patient wouldn’t be able to access that patient’s medical records. And it’s not just the records themselves—sometimes the ransomware encrypts whole networks and stops users from logging in at all.
It’s also problematic because, simply put, it’s effective. Healthcare facilities are highly motivated to pay ransomware fees so that they can quickly access the encrypted data—lives and reputations depend on it. On top of that, switching to digitized information has been a lumbering process for the healthcare industry, and many facilities and hospitals are behind on cyber security preparation.
Unfortunately for them, cyber attacks are no longer a question of if but when. That’s why health facilities need to have plans in place to reduce the consequences of attacks.
Strategies to Stop Ransomware
Preventative cyber security is still the frontline of defense. Many vendors are developing tools to halt randsomware before it’s able to gain a stronghold within a company’s network, but there are steps facilities can take, as well.
For one, it’s important to make sure employees are adequately trained on how to avoid cyber threats. They should never give out passwords, leave their private information on post-it notes around their desks, open links from strange emails or visit potentially hazardous sites. Because employees are often the weakest link in cyber security, it’s paramount to teach them to be safe and cautious.
But since cyber threats are a very real possibility, and since hackers are developing increasingly inventive means of infection, reactive strategies are also important. What do you do once your network has been infected?
Turns out it’s possible for security analysts to detect and stop an attack before the data can be encrypted, but after the infection has taken place.
According to a threat research report recently released by Exabeam, facilities have a small time period in which they can halt the ransomware process. As ransomware becomes more complex, it takes more time to root out and encrypt vulnerable files. This process might take minutes or hours, but either way—it’s a vulnerability that can be exploited.
Facilities need to be on watch for attacks so they can detect and combat ransomware during this vulnerable time period. By analyzing suspicious behavioral patterns on logs, personnel might be able to identify attacks and stop them. Cyber security experts are also working to sharpen strategies, so it’s important to stay up-to-date on the latest breakthroughs.
Help on the Way
The Department of Health and Human Services recently announced its own strategy to deal with cyber threats. It will be offering two grants, valued at $250,000 for the first year, to two existing nonprofit Information Sharing and Analysis Centers (ISACs). This funding, which could total up to $1.5 million over five years, will go toward research and the creation of a more accessible threat sharing infrastructure.
The problem with this strategy is it’s a long-term solution to a current and present problem, so it’s important to have cyber security in the place in the meantime. Patient records—and patient outcomes—depend on it.