Raise user awareness and education about risks
Ransomware is dangerous because your defenses against it are often only as strong as your least cautious employee—when one person clicks on an email, the entire network is compromised, says William MacArthur, threat researcher at RiskIQ. Often, ransomware charges per computer, so paying to unlock each machine on your network can add up quickly. Ransomware actors are getting savvier with social engineering, creating more convincing lures by leveraging brand names and picking up on the common language, software and processes used by certain organizations.
Limit access to dangerous web sites by implementing a whitelist
Customize email settings and filters
Spam and virus filtering should be used for both inbound and outbound risks. The best approach is a package that scans both user desktops and the mail server in real time. You can reduce the risk of unwittingly introducing a threat to your IT environment by stopping harmful emails before they hit user inboxes.
Keep current on patches and updates
Organizations often lack tools to quickly monitor all IT assets or workloads to discover which have the highest security risk. If that information were available in real time, they would have a much simpler way to find and mitigate threats quickly, such as identifying which systems are running without the latest security patches and updates.
Manage device vulnerability
Keep anti-virus software installed and current
Make use of permissions management
Limit access points
Regularly perform data backups
Providers need tested and trustworthy backup capabilities, says Ben-Simon of TrapX. They need a robust, tested disaster recovery process that ensures core IT systems can be brought back up in a few hours. Most hospitals have backup in place to support compliance, but they really cannot restore key applications and recover operations fast enough in the face of a ransomware attack. When an environment faces a true disaster, even a well-planned disaster recovery strategy will typically take days until full operations are restored. When faced with ransomware, recovery needs to take only a few hours.
Understand the scope of restoration
Reconsider network redesign
Data backup and disaster recovery planning should be a high priority for healthcare institutions. For example, taking affected machines offline and having data backups that can quickly become live instances are steps that can be taken to bring services back online quickly. Healthcare organizations should also be collecting logs and data flows to ensure they can investigate the traffic patterns of these exploits to identify other potentially infected hosts before they spread internally. “This will also help IT teams to not only be alerted to cyber attacks, but also have the forensic data to see where the hacker penetrated the system and close that hole,” Patterson says.