When the WannaCry ransomware struck around mid-2017, one of the organizations most impacted was the NHS (National Health Service) in the UK. Service was affected adversely in hundreds of NHS facilities; thousands of appointments had to be canceled, operations had to be postponed and patients had to be urgently relocated from many emergency centers were impacted.
Well, this is not the only instance when healthcare institutions have been impacted by ransomware strikes. In recent times, there has been an increase in ransomware attacks upon healthcare organizations, all the world over. Day to day operations are thrown out of gear and thousands of patients are affected every time there is a ransomware attack on a healthcare firm. Added to this is the loss of data plus the costs involved in recovery.
Now, why is it that cybercriminals have started targeting many healthcare organizations with ransomware attacks. One of the main reasons is that in the healthcare sector, there has been a rapid shift, in recent times, to digitalized personal healthcare records; and it’s digitalized personal data that hackers are always after. By 2017, many physicians had started migrating to electronic systems, depending greatly on things like EHR (Electronic Health Records) and EMR (Electronic Medical Records) to store, manage and retrieve information. Hospitals have, in the last two years, started making use of the digitalized system in an unprecedented manner. Thus, almost all records pertaining to patients and their treatment were digitalized. Most of the hospital systems have become connected to the internet and many processes and medical procedures now automated as well. Thus, cybercriminals, especially the ransomware criminals, have started seeing the healthcare industry as one of the most potential of targets. One aspect that might appeal to the ransomware criminal as regards the healthcare firm is that when things go wrong following a ransomware strike, healthcare organizations, unlike other firms, won’t have enough time at their disposal for recovery and for setting things back on track. They can’t lose much time as it all concerns the physical well-being and lives of thousands and sometimes millions of patients. Thus, there is a greater probability of healthcare firms yielding to ransom demands coming from the ransomware criminals.
Now let’s look at things from the perspective of the victims. A ransomware attack causes great damages, much greater compared to most other attacks. The cost goes far beyond the extortion payment that’s demanded by the hackers. The downtime costs, lost revenue, the sufferings of the patients/customers, mitigation and recovery costs, brand/reputation damage etc, plus non-compliance fines, if any, would impact a healthcare institution very adversely.
The fact remains that though security technologies seek to protect organizations from cyberattacks, ransomware hits and spreads mostly through phishing emails or by visits to an infected website. Moreover, cybercriminals today have started conceiving Fully UnDetectable (FUD) threats that would work by evading existing layers of security. Thus, ransomware could hit any healthcare firm bypassing traditional antivirus/antimalware software. Doing a statistical study of healthcare firms affected by ransomware would prove that most of these firms already have such traditional security software installed.
So, what’s to be done? Well, many would think that paying the ransom is the easy way out. But no, you can’t say that for certain. Recent studies show that a big share of ransomware victims fail to get their data back even after paying the ransom. Yes, among the healthcare firms that pay the ransom, less than half only manage to recover their data fully. Another aspect of this is that such organizations, since they don’t have the root cause of the attack rectified, continue to be vulnerable to further attacks.
So then, what’s it that healthcare organizations can do in such a context? The answer is simple. The focus should be on trying hard to avoid being hit by ransomware. Healthcare institutions should endeavor to prevent ransomware attacks from happening. Yes, as the adage goes, prevention definitely is better than cure.
Ransomware prevention tips for healthcare firms
Well, before discussing the prevention tips, let’s make one thing clear. The onus for prevention, in a healthcare organization or for that matter any kind of organization, is upon each employee, from the CEO to the newest employee. In addition to the preventive measures that the organization would overall adopt, employees too need to be cautious and do the needful to prevent their organization from being the next ransomware victim.
So, here are the basic tips that would help a healthcare firm prevent ransomware attacks to a great extent:
• Have a trusted antivirus/antimalware software installed. It’s better to do this on every single system and even on the other devices (smartphones, tablets etc) that are connected to the firm’s network.
• Go for effective password management; always have strong, unique passwords for all systems, accounts and devices and make sure the passwords are changed regularly.
• Regularly back up all data, preferably on an external hard drive which remains unconnected to the network or to the internet.
• Train employees to stay safe from phishing scams. Instruct them not to open suspicious attachments or click on suspicious links. Ask them to confirm the genuineness of all emails that ask them to fill in some data or to click on a link or attachment.
• Have an effective incident response plan in place.
• Make it a policy to intimate law enforcement personnel in case an attack.
As a concluding remark, we would say that any organization today must invest in security. It’s the most important thing for any organization today. Ensuring that all endpoints are properly secured would also help prevent ransomware attacks. It’s also advisable to have a full-fledged IT department or if needed, partner with a security firm. Remember, cybersecurity is of utmost importance for any healthcare firm today.