Healthcare organizations have been targeted by cyber attacks, including ransomware, for years, and the number and size of attacks are growing. But what you knew about ransomware three years ago has changed.
How would you answer the following statements? True or False.
- The most common way ransomware attacks begin is through stolen passwords.
- Ransomware is not much of a threat to smaller organizations because attackers only target big companies.
- The best defense against ransomware is cyber insurance.
- If we can find funds in the budget, the quickest and surest way to get past a ransomware attack is to pay the ransom.
- Employees can help prevent ransomware attacks by learning how to recognize and avoid phishing emails.
Ransomware is a big business and the criminals are motivated by profits. Like other businesses, ransomware criminals learn from their mistakes, adjust their tactics and innovate to drive up profits. They partner with other ransomware groups to leverage their skills and expand their reach.
Defend Against Ransomware Using Expert Advice
Fortunately, top-level cybersecurity experts track and analyze cyber crime tactics, and in May 2023 published a new #StopRansomware Guide. The joint task force behind it is co-chaired by the Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).
From the new Guide:
“Over time, malicious actors have adjusted their ransomware tactics to be more destructive and impactful and have also exfiltrated victim data and pressured victims to pay by threatening to release the stolen data. The application of both tactics is known as ‘double extortion.’ In some cases, malicious actors may exfiltrate data and threaten to release it as their sole form of extortion without employing ransomware.”
Answers to the True/False statements:
- The most common way ransomware attacks begin is through stolen passwords. False – today the most common way criminals get in is through phishing emails. The second most common attack vector is Remote Desktop Protocol (RDP), which allows access to the network from another location, such as when working from home. Stolen credentials are also a common attack vector.
- Ransomware is not much of a threat to smaller organizations because attackers only target big companies. False – ransomware attacks happen to organizations of all sizes and types.
- The best defense against ransomware is cyber insurance. False – the strongest defense against ransomware is following good cybersecurity prevention measures, including employee cybersecurity awareness training. Cyber insurance might also be a good idea, but only if strong cybersecurity protections are in place.
- If we can find funds in the budget, the quickest and surest way to get past a ransomware attack is to pay the ransom. False – there is no guarantee that the criminals will do what they say. Even if they give you access to your own data, they may also sell that data on the dark web. Paying ransom encourages them to do it again, and makes you a potential target again.
- Employees can help prevent ransomware attacks by learning how to recognize and avoid phishing emails. True – after implementing all the recommended cybersecurity measures on network systems, the single most important prevention measure is cybersecurity awareness training for all staff.
Read the full StopRansomware Guide for a comprehensive explanation, but some of the recommendations include:
- Maintain offline, encrypted backups of critical data. Note: automated cloud backups may not be sufficient, because if local files are encrypted by an attacker, those encrypted files will be synced to the cloud, possibly overwriting unaffected copies.
- Create, maintain, and regularly exercise a basic cyber incident response plan and associated communications plan that includes response and notification procedures for ransomware and data extortion/breach incidents.
- Implement a zero trust architecture.
- Regularly patch and update software and operating systems.
- Use multi-factor authentication (MFA).
- Ensure all on-premises, cloud services, mobile, and personal (i.e., bring your own device [BYOD]) devices are properly configured and security features are enabled.
- Limit the use of RDP and other remote desktop services.
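The backup note above describes a specific failure mode: a mirror-style cloud sync faithfully copies the attacker's encrypted files over the only good copies. The following Python script is an added illustration written for this post; it is not code from the StopRansomware Guide or from CISA/FBI. It simulates the problem and two defensive counters: a versioned backup store that never overwrites earlier copies, and a sync guard that halts when many files suddenly become high-entropy (ciphertext looks close to 8 bits per byte, while text records sit around 4 to 5). The file contents, paths, and the 7.5-bit threshold are constructed for the demonstration; the "encrypted" files are deterministic random bytes standing in for ciphertext.

```python
import math
import random
from collections import Counter
from typing import Dict, List, Optional

# Heuristic threshold (constructed for this example): content above this many
# bits per byte looks encrypted or compressed rather than like patient records.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def naive_mirror_sync(cloud: Dict[str, bytes], local: Dict[str, bytes]) -> Dict[str, bytes]:
    """Mirror-style sync: the cloud copy is simply overwritten with local state."""
    cloud.update(local)
    return cloud


class VersionedBackup:
    """Backup store that appends a new version on every sync and never overwrites."""

    def __init__(self) -> None:
        self._versions: Dict[str, List[bytes]] = {}  # path -> snapshots, oldest first

    def sync(self, local: Dict[str, bytes]) -> None:
        for path, data in local.items():
            history = self._versions.setdefault(path, [])
            if not history or history[-1] != data:
                history.append(data)

    def last_plaintext_version(self, path: str) -> Optional[bytes]:
        """Most recent stored version that does not look encrypted, or None."""
        for data in reversed(self._versions.get(path, [])):
            if shannon_entropy(data) < ENTROPY_THRESHOLD:
                return data
        return None


def newly_encrypted(previous: Dict[str, bytes], current: Dict[str, bytes]) -> List[str]:
    """Paths whose content crossed the entropy threshold since the previous snapshot."""
    flagged = []
    for path, data in current.items():
        was = shannon_entropy(previous.get(path, b""))
        now = shannon_entropy(data)
        if now >= ENTROPY_THRESHOLD and was < ENTROPY_THRESHOLD:
            flagged.append(path)
    return sorted(flagged)


def guarded_sync(backup: VersionedBackup, previous: Dict[str, bytes],
                 current: Dict[str, bytes], max_flagged: int = 0) -> bool:
    """Sync only if at most max_flagged files turned high-entropy; return whether it synced."""
    if len(newly_encrypted(previous, current)) > max_flagged:
        return False  # halt and let an operator investigate before touching backups
    backup.sync(current)
    return True


def build_snapshots():
    """Constructed sample data: a healthy snapshot and the same files after mass encryption."""
    healthy = {
        f"records/patient-{i:03d}.txt":
            (f"Patient {i:03d}: visit notes, medication list, allergies\n" * 20).encode()
        for i in range(5)
    }
    rng = random.Random(2023)  # deterministic stand-in for ciphertext
    encrypted = {path: rng.randbytes(len(data)) for path, data in healthy.items()}
    return healthy, encrypted


def demo() -> Dict[str, object]:
    healthy, encrypted = build_snapshots()

    # Mirror sync: once the encrypted files sync, every good copy in the cloud is gone.
    cloud = naive_mirror_sync({}, healthy)
    naive_mirror_sync(cloud, encrypted)
    mirror_lost = all(shannon_entropy(d) >= ENTROPY_THRESHOLD for d in cloud.values())

    # Versioned store plus entropy guard: the second sync is refused, and even if an
    # unguarded sync pushes the encrypted state, the earlier plaintext version survives.
    backup = VersionedBackup()
    first_ok = guarded_sync(backup, {}, healthy)
    second_ok = guarded_sync(backup, healthy, encrypted)
    backup.sync(encrypted)  # simulate a guard-less sync of the encrypted state
    path = "records/patient-000.txt"
    recoverable = backup.last_plaintext_version(path) == healthy[path]

    return {
        "mirror_lost": mirror_lost,
        "first_sync_ok": first_ok,
        "second_sync_blocked": not second_ok,
        "recoverable": recoverable,
        "flagged": len(newly_encrypted(healthy, encrypted)),
    }


if __name__ == "__main__":
    print(demo())
```

The entropy check is a coarse tripwire, not a substitute for offline backups: it will also fire on legitimately compressed or encrypted archives, so in practice the threshold and `max_flagged` would be tuned per file type, and a halted sync should page someone rather than silently retry.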
HIPAA Compliance Conforms to the StopRansomware Guide
HIPAA requires covered entities and business associates to create and maintain administrative, physical and technical safeguards to protect patient privacy. All the cybersecurity recommendations in the new Guide mirror HIPAA Security Rule requirements. Use the Security Rule Checklist and do an annual Risk Analysis to refresh and update your Risk Management plan.