By now, we’ve all seen the headlines. Hospital attacked by ransomware, patients getting turned away because providers can’t be certain of what specifics need to be considered for a procedure, all health records compromised.
While most of us are probably thinking “why in the world is ransomware still a huge problem in hospitals”, the answer is probably more eye opening than we’d like to think.
In recent days, cybersecurity attacks have become harder to fight because instead of exploiting one single network vulnerability, cybercriminals have decided to attack HUNDREDS of known vulnerabilities at once in hopes that something sticks. They really don’t care how they get in—what’s important to the bad guys is getting in, infecting as much as possible and getting paid (and if you decide not to pay them, they now are threatening to publish all of your data for all to see on the web).
What’s truly eye opening about how cybercriminals are getting onto hospital networks?
The troubling thing to me about hospital cybersecurity events (breaches and ransomware attacks) is that all of the vulnerabilities leading to an attack could have been prevented. The hundreds of different ways criminals are now trying to break into your hospital’s network all are things we know about. Note: if you aren’t sure what vulnerabilities persist on your network, cybersecurity experts unanimously recommend getting a network vulnerability assessment.
Everything is patched—one of the biggest reasons hospitals get attacked (along with other businesses) is because IT Support teams are too busy helping your users fighting daily fires to really delve into making sure preventative maintenance is taken care of. Every single hospital I’ve assessed in the past year (hospital coming to us for cybersecurity advice) have had unpatched networks. If your IT team isn’t making sure patches are updated (and tested) you are making an easy target for a ransomware attack.
Everything is backed up—when attacks happen, the first thing you should ask is “can we restore from backups?” What’s frightening to me is that most of the hospitals that have unpatched machines do not have backups that actually can restore your entire network. When your IT Support team says that everything is backed up, what they mean is that the software they use tells them the backup occurred. What they fail to do is actually test that backup to make sure it was successful. Unfortunately, current backup technologies are successful only 60% of the time. Are your backups really going to save you?
Users are trained—recent cybersecurity reports identify user security as contributing to nearly 65% of ransomware attacks. Users need to be kept in the loop as to what are the latest phishing tactics, how to keep sensitive data secure on your network and how to prevent giving away too much information (information that may facilitate an attack).
Firewall in place—while every hospital that I’ve audited have had a firewall solution in place, most were either dated or were not updated to detect signatures of the latest types of attacks. Having a ‘smart’ firewall in place that can detect suspicious traffic coming across your network and blocking and reporting known malicious traffic is critical to keeping your network safe.
Securing vendor databases—even though you’d have thought that your vendors were keeping your data safe (think EHR vendors, for instance), they really aren’t trained in cybersecurity and do NOT take necessary precautions to ensure good cybersecurity hygiene. Will your EHR keep your data safe?
Network that is monitored—most IT support teams don’t consistently monitor traffic on your network to be able to detect suspicious activity. Think of constant network monitoring as giving your IT Support team a baseline to compare malicious activity. If your IT team isn’t monitoring your network, they likely won’t be able to easily tell—at least initially—what is ‘bad’ traffic on your network.
The list goes on!—As I mentioned above, there are hundreds of vulnerabilities out there as means for cybercriminals to penetrate your network. Too long a list to simply mention in one blog post! If you are concerned whether your hospital is taking all the necessary steps to protect your network, cybersecurity experts recommend getting a cybersecurity assessment.
The good news for your hospital is that basic security hygiene goes a LONG way to keeping your hospital safe from ransomware attacks. The bad news is that it’s hard to teach an old dog new tricks. If you currently have a network plagued with cybersecurity vulnerabilities, the likelihood that your current approach to IT security is insufficient. You may need to consider (1) alternative support structures or (2) reinforce your staff with hospital-focused cybersecurity support.
