There is a perplexing trend in which hackers have been attacking hospitals with ransomware that blocks the network, forcing the payment of large crypto-currency ransoms to regain control of the infected data files. The so-called Cryptolocker virus, and others like it, holds all of the information resources of a hospital for ransom.
Attacks come in emails, or infected websites, where the simple act of clicking on a link will install the malicious software. The software then has access to the infected system with the same access privileges as the person whose account enabled the penetration.
Preventing unauthorized access is not a new concept to healthcare networks; HIPAA regulations require the secure handling of patient records and information, so any breaches trigger notifications to the government and patients, which creates an added burden during a crisis. Extending the same security practices to network access represent additional burdens on IT departments but not a change of paradigm.
When the attacks gain control of user accounts with sufficient privileges, they lock up the IT files and folders for the entire hospital network. Once a virus deploys, the only way to open the files is to purchase an extortionately priced decryption key. The following strategies are defenses with which healthcare IT departments can respond:
Deliberately block connections that are not directly part of regular operations and serve no purpose to the network except to provide vulnerabilities; this includes limiting the system to trusted IPs and excluding such overt threats as encrypted dark-web connection attempts.
IT administrators should review and reduce access for those users who have more authority than required for the roles they play in the network.
The architecture of cloud-based computing makes it much more resistant to ransomware attacks; managers should explore how they can migrate applicable systems to the cloud to leverage the security capabilities of the leading cloud services providers.
The cloud also provides resources to backup all data activity on the scale of large organizations like hospitals with ease. If you have backups to replace ransomed files, you may have the inconvenience of a minimal loss of data and recovery time, but with no need to pay ransoms; you just reboot and start again.
The viruses are varied and evolving, changing as the criminals behind them discover new exploits and respond to countermeasures. Hospital IT departments need to monitor developments and adopt the latest solutions in network security and architecture. Finally, educate your users about the responsibilities and risks they face, and what they need to do to assist in mitigating the risk.
Ransomware attacks pose a genuine threat to hospital IT systems. The most effective response is the one that leverages prevention and the latest capabilities of cloud computing to prevent entry by the malicious software. An intelligent response to this insidious threat is to mitigate the effects by backing up all of your files and preparing for recovery in advance of the event.
Intersog, a leading technology partner, gains recognition on Clutch's prestigious list for game-changing software developers…
In the shift towards widespread remote work, the adoption of advanced digital tools marks a…
In the quest for innovation, the fusion of AI and Machine Learning with global remote…
In an era marked by rapid technological progress, the fusion of cloud computing and artificial…
Explore Intersog's unique approach to tech recruitment, offering a transparent, direct path to genuine career…
Explore the critical role and innovative strategies of efficient software maintenance for ensuring software stability,…
This website uses cookies.