Your money or your data: How to avoid a healthcare cyber sting

Imagine this happening at your health system: Doctors who are treating patients suddenly lose access to electronic patient medical records while surgeons in operating rooms hear alarms sounding from their medical devices. Elsewhere, equipment in patient rooms is suddenly going haywire as physicians and nurses scramble to understand what’s going on. Computers throughout the organization start slowing down and begin to shut down mysteriously. Meanwhile technical teams are scrambling to restore and resume IT operations, but to no avail — the systems have stopped working.

Does this scenario sound farfetched to you? It shouldn’t. Recently, staff at Universal Health Services, one of the largest health systems in United States, watched helplessly as a widespread disruption incapacitated its healthcare operations. This “perfect storm” — a cybersecurity storm — is believed to have been caused by ransomware.

What is ransomware? Ransomware is just what it sounds like — a nasty malware or cyberattack that encrypts an organization’s sensitive files and then holds them ransom for the release of the captive files. If the organization willingly pays the ransom, which is negotiable at times, life goes on. If not, options are few.

Cyberattacks of this nature have increased in frequency and sophistication. A recent study revealed that In the last 90 days ransomware attacks in healthcare organizations have increased by 50%, with ransom averaging from $1 to $5 million per incident. The financial loss can be devastating, but the worse reality is ransomware attacks can cost lives if access is blocked to critical systems and patient data.

Financial loss can be devastating, but the worse reality is ransomware attacks can cost lives if access is blocked to critical systems and patient data.

Managing a ransomware threat

The first step in managing a ransomware threat is prevention. Look at your information security and cyber defense and protection programs, and be sure they adequately protect against ransomware threats. Next, review your business resiliency programs to ensure business operations can continue until your organization gets back to a state of normalcy.

Here are some key activities to help assess a ransomware threat and align mitigation strategies with your business resiliency program.

• Mobilize personnel and resources to identify cybersecurity and operational support gaps and devise new readiness strategies. Your cybersecurity review should include risks and vulnerabilities existing in third-party or cloud-based services that may have been previously overlooked or left unaddressed.
• Update software patches, security configurations, and other information security enhancements immediately to protect critical systems and data.
• Undertake necessary IT infrastructure changes to provide processing elasticity and scalability in the event of a widespread system outage.
• Implement the latest cybersecurity protection and monitoring platforms to detect threat events, data theft, and insider attacks.
• Integrate health and safety protocols with your cybersecurity and business resiliency programs to minimize disruption to patient care services in the event of an attack.
• Raise staff awareness of the ongoing threat of ransomware and other cybersecurity issues.

Cybersecurity strategies should be integrated into your organization’s emergency readiness plan to ensure business alignment and resilience, and they must be validated and tested on a regular basis to guarantee the plan is ready and able to handle a crisis.

Don’t be an easy target: With proper planning and deployment of the right technology and system solutions, your organization can avoid a crisis or at least continue to operate with minimal disruption — safely and securely — if one should hit.

For help addressing cybersecurity gaps and building your information security infrastructure, reach out to our cybersecurity task force.