Ransomware is malicious software that installs itself undetected on a server or a personal computer, restricts user access to disrupt operations, and demands a ransom in return for the security of confidential information. It has been on the rise lately because it is an easy way for hackers to make a profit. In 2014, the FBI estimated that ransomware swindled up to $27 million in just six months.
Healthcare faces a greater threat than other industries because of the sensitivity of patient information, and it currently has limited protection against such attacks.
The recent attacks on hospitals can be attributed to the following reasons:
1. Insecure Hospital IT:
Hospital IT infrastructure is largely insecure, making it susceptible to a malware attack. Hospitals are using outdated software, which makes the hacker's job all the easier. Due to inadequate funding, the IT infrastructure remains more or less the same, leaving it vulnerable to an attack.
2. Hospitals have more to lose:
With hospitals battling life-or-death situations on a daily basis, a flurry of ransomware attacks can put both patients and healthcare professionals at risk. Such attacks can have wide-ranging implications for a healthcare provider, such as unavailability of patient medical history, delayed reports and even potential public relations controversies.
3. Lack of qualified staff:
Most hospitals have a policy of spending the bare minimum on IT operations, which is a grave oversight. In line with this policy, hospitals fail to have the right IT infrastructure and shy away from installing new and improved software security features. It is very important that hospitals invest in skilled staff who can help them adopt new tools that eliminate attacks.
Ransomware is a real threat to the healthcare sector, affecting not only coordinated care but also the regular functions of hospitals, not to mention putting sensitive patient information at risk.
The best cure for this virus is prevention. Here are some simple steps to ensure maximum protection against ransomware.
1. Employee Awareness:
Ensure all employees using the server are aware of the threat and are frequently reminded of the danger of accessing dubious sites or downloading unknown files. Security awareness training could boost the security infrastructure and inform employees about responsible use of the internet. Employees conscious of the threat are less likely to be trigger-happy.
2. Focus on Cyber Security:
Hospitals must acknowledge the importance of cyber security and invest in the latest technology and infrastructure to prevent cyber-attacks. Hiring competent IT professionals and training existing staff on new information technology will help them stay up to date.
3. Backup Plan:
All important data must be backed up on an off-site system to limit the effect of an attack and retain hospital functionality. Hospitals must develop a business continuity plan and be prepared to prevent any attack on their servers. Measures such as disconnecting from the internet and turning off Bluetooth/Wi-Fi connectivity whenever an attack is suspected can reduce the spread of any malicious software.
4. Restricting access:
Restricting network access and breaking up the network into smaller groups can help in restricting and containing attacks on the servers. Also, layering the server into groups will make it difficult for the hacker to infiltrate the server.
5. Block ZIP files and spam:
Configuring mail servers to block ZIP files, spam and other files that may contain malicious content can drastically reduce the threat of ransomware.
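As an added illustration of step 5 (not part of the original article), here is a Python screening function that a mail gateway hook could call on each incoming message. The blocked-extension list, the function names and the sample messages are assumptions constructed for this example; it inspects content as well as file names, because a ZIP archive can arrive under another name.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = (".zip", ".exe", ".js", ".scr")  # assumed policy list
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # ZIP local header / empty archive

def blocked_reason(filename, payload):
    """Return why a MIME part is blocked, or None if it passes."""
    name = (filename or "").lower()
    if name.endswith(BLOCKED_EXTENSIONS):
        return "blocked extension"
    if payload.startswith(ZIP_MAGIC):
        try:
            members = zipfile.ZipFile(io.BytesIO(payload)).namelist()
        except zipfile.BadZipFile:
            return "malformed zip content"
        # .docx/.xlsx are ZIP containers; this marker check is a coarse heuristic.
        if "[Content_Types].xml" not in members:
            return "zip content under another name"
    return None

def screen_message(raw):
    """Return (filename, reason) for every blocked leaf part of a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        reason = blocked_reason(part.get_filename(), payload)
        if reason:
            findings.append((part.get_filename(), reason))
    return findings

def make_zip(member):
    """Build a small in-memory ZIP archive (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "constructed test data")
    return buf.getvalue()

def build_sample(filename, data):
    """Build a constructed message carrying one attachment."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

A message with any finding would be quarantined rather than delivered; what to do with office documents that are themselves ZIP containers is a policy decision for the hospital's mail team.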
No single solution or technology can be the ultimate answer to ransomware, but these measures will ensure that the hospital is not an easy target for hackers. And in case of an attack, they also help the hospital protect sensitive data and retain functionality.
Every step in the network should be designed and built using hack-proof methodology. Hackers consider hospitals an easy target, but if they face considerable difficulties, chances are they would simply look away.