Stealthy cyber criminals are hacking into more and more websites and planting malicious software that blocks access to a computer system until someone pays a specified sum of money — and health care providers have proven to be a prime target.
According to Ron Temske, vice president of security solutions, Logicalis US, an international IT solutions provider, ransomware has become one of the most sophisticated criminal enterprises the world has ever seen.
In a recent webinar, Temske and Jason Malacko, IT security expert, Logicalis US, offered tips on how to prevent one's business from becoming a casualty of the ransomware epidemic.
Why is ransomware growing?
“Basically, it’s profitable,” said Temske. “It’s a $1 billion enterprise. That would be something that would be heralded as an accomplishment if it weren’t based on such nefarious principles.”
A recent industry study found that nearly half of all U.S. businesses were the victims of at least one ransomware attack in just the past year. Plus, according to the U.S. Department of Health and Human Services Office for Civil Rights, over 230 health care breaches, each affecting 500 individuals or more, accounted for a combined loss of over 112 million records.
The top 10 breaches alone accounted for just over 111 million records, and the top six breaches affected at least 1 million individuals.
“It can be used by anyone,” said Temske. “You don’t even have to be a security practitioner to deliver ransomware.”
One example of a health care facility being held hostage was in February, when hackers got paid $17,000, or 40 Bitcoins, by officials at the Hollywood Presbyterian Medical Center in Los Angeles. The CEO was quoted by many news agencies as saying they paid the ransom because it was in their best interest, and was the most efficient way to end the problem.
Whether or not business leaders decide to pay the kidnappers who have taken over their data, Logicalis experts said that companies need to be ready for an attack way before it happens, to be able to detect it and then stop it while it’s happening. Plus, some companies are able to recover from it after it happens to them.
How can a facility prevent ransomware or recover from it?
First of all, businesses need to understand how they actually receive ransomware, Malacko said.
“It most frequently will be coming from the web or an email. It might be an email that has attached documents. It might come in an archive or link. It could even be a hacked website called a watering hole that redirects you to the payload of the ransomware,” he said.
Some companies can decrypt it themselves. Once you are a hostage, the key is to move off to where the kidnappers aren’t.
“It really is about having a layered defense, a true architectural, integrative approach, and working together with those in your company,” Temske said.
By having a holistic approach to security, company IT staff and leaders will know that things are in place in case you are attacked. The time to plan isn’t when you are under attack. You want to have documented procedures in place before anything happens.
Five steps to ward off an attack and recover from one:
- Focus on modern, next-generation anti-malware and firewall solutions that can stop the attack before it starts.
- Automate your defenses and your response, because today’s threats are automated. That means that human intervention is not fast enough.
- Be able to compartmentalize data using network micro-segmentation strategies, because once malware enters your network, it will spread fast. But it’s difficult for malware to spread laterally when you compartmentalize it.
- Create a plan for when, not if, you are attacked. Be certain you are backed up on your network, and test both the backup and your restore process. A backup is only good if the information can actually be restored when you need it. Also, do you have an uncorrupted source from which you can immediately recover?
- Decide on a pay or no-pay policy. How much damage will be done if you decide not to pay? “The time to make that decision is not when it's happening,” Temske said. “Take the emotion and adrenaline out of the equation. Plus, we have found that in most cases you can negotiate your ransom. [Some] have been able to reduce the ransom by a decent amount, but don’t miss an imposed deadline.”