Ransomware attacks on hospitals. PHOTO: Cybercrime Magazine.

Hospital CIOs Stare Down Healthcare’s Fastest Growing Cybercrime

Herjavec Group provides guidance on how to mitigate the risk of ransomware, which is predicted to increase 5X by 2021

Steve Morgan, Editor-in-Chief

Northport, N.Y. – Jan. 5, 2019

Healthcare CIOs face an increasingly hostile cyberscape, led by ransomware attacks, according to Herjavec Group, a leading global cybersecurity advisory firm and Managed Security Services Provider (MSSP) with offices across the United States, Canada, and the United Kingdom.

The latest ransomware research from Cybersecurity Ventures predicts that ransomware attacks on hospitals will increase 5x by 2021.

Herjavec Group Executive Vice President of Technical Operations, Lewie Dunsworth, confirms the prediction, explaining the priority for healthcare providers: “Patient care is the most important thing to all healthcare providers. Simply put, it’s why they exist. Unfortunately, a threat like ransomware can dramatically impact a healthcare organization’s operations to the point it could affect the welfare of their patients. It’s a chicken and egg scenario; you want to have effective security, but it needs to be balanced with a caregiver’s ability to provide for their patient. This is another scenario where just implementing good security fundamentals, like keeping systems up to date by patching vulnerabilities, pays huge dividends in helping provide a safe environment.”

Herjavec Group suggests organizations implement the following recommendations to mitigate the risk of ransomware:

  • Regularly back up all data on all computers. Restore your data from backups and re-image the infected computers.
  • Cleaning the computers is possible, but the gold standard is to re-image the computer from known-good images, to eliminate not only the ransomware, but any other malware that may have been downloaded at the same time.
  • If you suspect that the malware came in with email, it may be useful to try to find the source email and delete it from all mailboxes to prevent reinfections.
  • Disrupt any active infections by removing the infected machine from the network until it can be re-imaged or cleaned.
  • Unplug the network cable or turn the machine off.
  • Train your staff to recognize a phishing scam and other common social engineering tactics used by cybercriminals.
  • Unplug the network cable and turn any infected machine off to remove it from the internal network and stop the ransomware from spreading to other devices.
  • If your organization has a BYOD (bring-your-own-device) policy, ensure that you and your staff are aware of any risks associated with using personal devices at work.
  • Regularly update and patch all applications to avoid being exploited by vulnerabilities used by cybercriminals to propagate the ransomware.
  • When downloading any documents through email, always disable macro scripts and use Office Viewer software to view the downloaded documents.
  • Restrict the ability to install software applications using the “Least Privilege” principle for all systems and services.
  • Build a stronger security plan by whitelisting certain trusted applications that may be used by employees and requiring the use of a VPN for remote work.

Download the 2019 Healthcare Cybersecurity Report to learn more about the three biggest cybersecurity threats, including targeted ransomware attacks, faced by healthcare organizations globally in 2019.

Global ransomware damage costs (affecting all types of organizations and consumers) are predicted to reach $20 billion (USD) annually by 2021 – which is 57X more than it was in 2015. This makes ransomware the fastest growing cybercrime.

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.
