If the idea of ransomware only conjures up thoughts of email or malicious websites, a new wave of attacks might grab your attention—especially in light of ransomware’s role in healthcare cybersecurity.
According to Anomali, eCh0raix—a new strain of file-locking malware—reared its head in June 2019 and stands out for one reason in particular: it targets endpoints, specifically QNAP network-attached storage (NAS) devices. Brute-force attacks on NAS devices have been a particularly attractive method for cybercriminals, because the storage devices house critical data and backups but often aren’t outfitted with proper security software.
What does all this mean? Mostly, that healthcare needs to evolve its malware prevention, and quickly.
Healthcare cybersecurity’s sordid past with ransomware
When you look at healthcare’s history with ransomware, the speed at which attacks are escalating is even more striking. Healthcare News IT reports that, before 2016, healthcare organizations weren’t a primary ransomware target. But that all changed with the Hollywood Presbyterian attack and subsequent media coverage. Now, ransomware is ranked as a “major information security threat” to the industry, as Healthcare News IT notes.
For example, in 2018, the attack on the medical billing company Wolverine Solutions Group led to thousands of patients being warned that sensitive medical information had been breached, as Tripwire reports. There were also the SamSam attacks that, according to Healthcare Dive, hit 67 organizations in 2018, with almost a quarter being in the healthcare vertical.
These are just two of the prolific examples that demonstrate a challenging new reality in healthcare. In 2018 alone, ransomware attacks tripled, with healthcare shouldering the brunt of the increase. The previous year’s Cylance Threat Report highlighted not only the rapid growth but also the ease of deployment of malware, especially for legacy security solutions that depend on signatures for detecting attacks and shortening their lifespan.
Endpoint protection at the center of malware prevention
If you breathed a sigh of relief earlier because you don’t deal with QNAP devices, you might be relaxing a little too early. This shift in threat vectors means that healthcare cybersecurity professionals need to expand the scope of their concerns.
Healthcare CMOs and their teams should want to know everything, including the security of endpoints such as NAS devices, printers, IoT devices, and the imaging suite.
While ransomware is commonly associated with emails disguised as trustworthy files, things have changed. To adapt to next-generation ransomware, you’ll need to take a new approach—one that’s mindful of endpoint protection. Keep these four tips in mind when you build your plan to tackle this new breed of threats:
1. Accept that healthcare is vulnerable.
Ransomware is a big business, and healthcare organizations make ideal targets. Estimates from the Beazley 2018 Breach Briefing show that 45 percent of ransomware attacks are aimed at healthcare organizations. Attackers know that lives are at stake and most organizations are likely to pay the ransom just to avoid any issues, especially if the amount is relatively low. All this adds up to a situation in which prevention is the best posture.
2. Segment networks.
Compartmentalize systems and data wherever you can do so without interrupting operations. By segmenting your networks, you’ll make it more difficult for ransomware to spread between systems. This is a basic step, but it can go a long way to improve your security posture.
3. Keep up with patches.
Make sure you’re patching known vulnerabilities in your applications and operating systems as soon as they’re discovered. In light of the new focus on endpoints, pay special attention to keeping endpoint anti-malware software updated. Advanced endpoints, such as smart, secure printers, offer automatic updates and self-monitoring, which makes this job easier.
4. Don’t forget backups.
If you haven’t revisited your backup regimen, now might be the time. Keeping multiple copies of patient and critical business data in diverse locations (offsite, in the cloud, and locally) increases your ability to restore systems post-incident. As an added bonus, this step also aids in supporting a HIPAA Security Rule–compliant contingency plan.
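An added example, not part of the original article: a small audit of a backup inventory for tip 4, checking that every dataset has a fresh copy in each of the three location classes the article names (local, offsite, cloud) and that copies of the same snapshot carry the same digest. The inventory format, dataset names, placeholder digests and the 24-hour freshness window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Location classes named in the article's backup tip.
REQUIRED_LOCATIONS = {"local", "offsite", "cloud"}

# Constructed sample inventory (hypothetical format): one record per backup copy.
# Digests are shortened placeholders, not real SHA-256 values.
SAMPLE_NOW = datetime(2019, 8, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_COPIES = [
    {"dataset": "ehr-db", "location": "local", "taken": "2019-08-01T02:00:00+00:00", "digest": "aa11"},
    {"dataset": "ehr-db", "location": "offsite", "taken": "2019-08-01T02:00:00+00:00", "digest": "aa11"},
    {"dataset": "ehr-db", "location": "cloud", "taken": "2019-08-01T02:00:00+00:00", "digest": "aa11"},
    {"dataset": "pacs-images", "location": "local", "taken": "2019-08-01T03:00:00+00:00", "digest": "cc33"},
    {"dataset": "pacs-images", "location": "cloud", "taken": "2019-08-01T03:00:00+00:00", "digest": "dd44"},
    {"dataset": "pacs-images", "location": "offsite", "taken": "2019-07-29T03:00:00+00:00", "digest": "cc00"},
]

def audit_backups(copies, now, max_age=timedelta(hours=24)):
    """Return {dataset: [findings]}; an empty list means the dataset passes."""
    by_dataset = {}
    for copy in copies:
        by_dataset.setdefault(copy["dataset"], []).append(copy)

    report = {}
    for name, items in sorted(by_dataset.items()):
        findings = []
        # Only copies inside the freshness window count toward coverage.
        fresh = [c for c in items
                 if now - datetime.fromisoformat(c["taken"]) <= max_age]
        missing = REQUIRED_LOCATIONS - {c["location"] for c in fresh}
        findings += [f"no fresh copy in {loc}" for loc in sorted(missing)]

        # Copies of one snapshot should be identical; a mismatch can mean a
        # copy was corrupted or altered after it was written.
        digests_by_snapshot = {}
        for c in fresh:
            digests_by_snapshot.setdefault(c["taken"], set()).add(c["digest"])
        for taken, digests in sorted(digests_by_snapshot.items()):
            if len(digests) > 1:
                findings.append(f"digest mismatch for snapshot {taken}")
        report[name] = findings
    return report

if __name__ == "__main__":
    for dataset, findings in audit_backups(SAMPLE_COPIES, SAMPLE_NOW).items():
        print(dataset, "OK" if not findings else findings)
```
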
Stay alert and keep up with the times. Endpoint security awareness is becoming ever more important in the modern cybersecurity environment, so make a habit of checking in on tech news and developments as they emerge—it may just save your skin.