What Is Happening With Ransomware in Healthcare?

In June, Health Data Management hosted a gathering of information security experts to discuss ransomware and how to handle it. They agreed that it is likely that many entities would be hit by it. It is a large and growing problem. Paying the ransom only gives criminals more money to improve their ransomware.

Daniel Sergile, director of security operations at CIOX Health, said, "But it also highlights another issue: Companies don't do a very good job with their backup and recovery. If I were doing monthly backups and daily intermittent backups, then I wouldn't have to pay a $17,000 ransom. I'd literally take a snapshot, lose a day's worth of data, and it would probably cost less than $17,000. It goes back to the basics of information security: Do employees have administrative rights across the entire environment? Are those rights a little too elevated, allowing them to modify their systems? And at the system level, are we investing in all the latest and greatest flavors of antivirus and employee analytic tools? If we go back to basics and do what needs to be done - not to the point where it cripples the business, but secures it - then I think you'd see a lot less people paying that ransom."

John Mertz, vice president and CIO at South Nassau Communities Hospital, pointed out that if the backups are off-site, obtaining them and restoring them is going to take too much time.

At good hosting facilities, SQL backups occur every 15 minutes. Complete backups are performed daily. These backups are first made on the same physical server on a different disk array from the live database and then are copied to a separate physical server, so they are stored twice. Backups are kept onsite, so in the event of ransomware, the data can be restored quickly.

If you are hosting your own software and database, Steve Dryer, administrator for a hosting facility, advises that you do the following:

1. Be sure you are actually doing backups.

2. Be sure you are backing up what you need to back up.

3. Be sure that your backups are good and can actually be read.

4. Be sure that you can and know how to restore your system to a fully functioning state if you need to.
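As an added example (not from the article or the people quoted), here is a Python check for items 1 and 3 and for the "stored twice" layout described above: it flags a stale newest backup, any archive that cannot be read end to end, and any primary backup whose second copy is missing or differs. It assumes backups are gzip-compressed dumps named `*.sql.gz` in two directories; the function names, file pattern and 15-minute default are illustrative assumptions, and a real test restore (item 4) is still required.

```python
import gzip
import hashlib
import time
import zlib
from pathlib import Path

def sha256(path):
    """Hash a file in 1 MiB chunks so large dumps do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def readable(path):
    """Decompress the whole file; a truncated or corrupted archive fails."""
    try:
        with gzip.open(path, "rb") as f:
            while f.read(1 << 20):
                pass
        return True
    except (OSError, EOFError, zlib.error):
        return False

def check_backups(primary_dir, secondary_dir, max_age_s=15 * 60, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = time.time() if now is None else now
    files = sorted(Path(primary_dir).glob("*.sql.gz"),
                   key=lambda p: p.stat().st_mtime)
    if not files:
        return ["no backups found in primary location"]
    problems = []
    newest = files[-1]
    age = now - newest.stat().st_mtime
    if age > max_age_s:  # item 1: are backups actually being taken?
        problems.append(f"newest backup {newest.name} is {int(age)}s old")
    for f in files:
        if not readable(f):  # item 3: can the backup actually be read?
            problems.append(f"{f.name}: unreadable in primary location")
        copy = Path(secondary_dir) / f.name  # the second stored copy
        if not copy.exists():
            problems.append(f"{f.name}: missing from secondary location")
        elif sha256(copy) != sha256(f):
            problems.append(f"{f.name}: secondary copy differs from primary")
    return problems

if __name__ == "__main__":
    import sys
    for problem in check_backups(sys.argv[1], sys.argv[2]):
        print("ALERT:", problem)
```

Run it on a schedule with the two backup directories as arguments and route any `ALERT:` line to whoever is on call.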

Regardless of where your data and software are hosted, he says you should not rely on backups alone. Have other security in place that monitors and alerts you if a problem occurs.

Keep everything up-to-date and patched. By that he means:

1. Operating system on the PCs

2. Operating system on the server

3. PC and server main board BIOS

4. PC and server drivers

5. PC and server driver controllers and RAID card BIOS and drivers

6. All PC and server firmware

7. All network equipment firmware including switches, routers, firewalls, access points and WiFi equipment

8. All virus protection (and of course make sure it is running.)

He goes on to point out that anything that is obsolete and no longer supported, and therefore no longer updated, MUST not be used. That means Windows XP, Microsoft Office 2003 and other software and hardware that is no longer supported should be replaced.

You must control employee access to only those Internet sites required for the business. Do not allow employees to connect their cell phones or other mobile devices to your practice's WiFi.

What if a user gets a ransomware message? Maria Suarez, chief information security officer for Hackensack University Medical Center, noted that if users ever see a ransomware message, they should disconnect from the network but not power their computer down.