Skip to main content
Sister Publication Links
  • ESG: THE IMPLEMENTATION IMPERATIVE
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Digital Health
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Unwell in America
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Technology
Sponsored Content Provided By Sophos
This content was created by and paid for by an advertiser. The Crain's editorial department was not involved in the creation of this content.
November 23, 2020 06:30 PM

The 4 Steps Healthcare Providers Must Take to Defend Against Ransomware

Dan Schiappa, Chief Product Officer
Sophos
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    digital screen stock image
    iStock

    Healthcare providers have a serious ransomware problem, and it’s getting worse.

    In just the last several weeks we’ve seen everything from a ransomware attack that crippled a hospital in Germany, leading to a delay in patient care and ultimately a patient’s death; hundreds of healthcare facilities in the US and UK knocked out by a single ransomware package; and a federal government warning issued by the FBI, Department of Health and Human Services, and Cybersecurity and Infrastructure Security Agency highlighting the “increased and imminent” specter of ransomware threats lurking over hospitals and other healthcare providers.

    How did we get here? In one sense, this has been a long time coming. Hospitals and health systems are, quite unfortunately, ripe for ransomware and other cyberattacks. Some of the factors most responsible for the rise in healthcare-targeted cyberattacks are due to the nature of the industry itself, like decentralized operations across hospitals and healthcare providers, and exponentially growing volumes of patient health information being captured and stored electronically (i.e. electronic health records) by health systems.

    COVID-19 is also, in many ways, a culprit for these accelerating healthcare ransomware attacks. The sudden onset of the pandemic forced healthcare providers to very quickly set up emergency COVID-19 facilities, with little time to plan out robust IT security infrastructures to protect these facilities. On top of that, the practically overnight shift to telehealth and remote working meant scores of new security gaps were opened – and discovered by attackers – just as quickly.

    This trend has moved in tandem alongside another disturbing one: a growing sophistication among ransomware groups. Instead of large-scale, brute force attacks, ransomware attackers have rapidly shifted to more focused, strategically planned and executed strikes – resulting in more precise attacks that are harder to detect and defend against. This is no assembly line, mass-produced product; this stuff is the craft beer of malware. And it’s the reason why resurgent ransomware gangs like Ryuk, which has been credited with one-third of all ransomware attacks occurring in the past year, have had such devastating success by targeting healthcare providers. 

    So how do they respond? Here are four key steps every healthcare provider needs to undertake to get ahead of their growing ransomware problem.

    1. Identify your weak points.
    Ransomware attackers move alarmingly quickly. If a target opens a phishing email attachment, it only takes a little over three hours for the cybercriminals to begin performing recon across the target’s network; within a day, they’ll have accessed a domain controller and begun deployment of their ransomware package. So knowing where your vulnerabilities are is critical. Servers with Remote Desktop Protocol (RDP) enabled, unpatched web servers, and a lack of multifactor authentication for logins are all common and key weak points that attackers will exploit. 

    2. IT hygiene + companywide awareness and education.
    The obvious next step once you’ve identified your weak points is to patch them. Don’t have two-factor authentication? Implement it. Security definitions out of date? Update them. RDP servers are enabled? Shut them down or put them behind a VPN. This is as much an awareness issue as an IT one. Anyone in the organization that sends an email, has a password, or uses a device to log onto a network needs to know and practice basic IT hygiene, including creating stronger passwords and knowing how to spot spear-phishing emails. If they don’t know what that means, they need to be taught. The security of a hospital’s network is only as strong as its weakest password.

    3. Implement EDR with human-led threat hunting.
    Endpoint detection and response (EDR) shores up security defenses for every device linked to a network, while also providing crucial information on potential threats to response teams who track down and neutralize these issues. This goes hand-in-hand with the human touch of a threat hunting team, whose expertise at recognizing red flags and attack patterns, and parsing the context of impending threats, empowers organizations to proactively go after the problem – ejecting ransomware packages from networks and neutralizing threats at their root cause – rather than sitting in a reactive position.

    4. Deploy lightning-fast incident response.
    Ransomware moves fast, so healthcare providers need to be able to move faster. Sophos Rapid Response does exactly that: a first-of-its-kind offering that accelerates hospitals’ and health systems’ ability to identify, neutralize, and expel cybercriminals from their networks. The speed of your response is critical; it’s the difference between an executed or thwarted ransomware deployment – and potentially, life or death for patients. Sophos Rapid Response provides the lightning-fast edge that healthcare providers need to stay a step ahead of ransomware gangs, minimizing the damage done to their networks, recouping otherwise lost costs, reducing recovery time, and ultimately helping to preserve the speed and quality of patient care – even potentially saving lives.

    With ransomware, the clock is always ticking and every second counts. It’s not an unbeatable threat, but being able to tackle the ransomware problem means hospitals and health systems can’t waste any time on deploying a combination of robust security defenses and proactive, rapid response measures.

    To learn more about the evolving attacker behaviors and tactics that are likely to shape the 2021 threat landscape, read the Sophos 2021 Threat Report here.
     

    About the Author:


    Dan Schiappa is chief product officer at next-generation cybersecurity leader Sophos. He’s a transformational and strategic leader who orchestrates the company’s technical strategy, playing an instrumental role in architecting technologies; overseeing product management and research and development; and ensuring product quality. With a passion for education and inspiring the next generation of cyber talent, Dan also serves as chair of the University of Central Florida’s Dean’s Advisory Board, where he oversees various aspects of the school’s elite cybersecurity program.
     

    Sponsored By:


    sophos logo

    As a worldwide leader in next-generation cybersecurity, Sophos protects more than 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyber threats.

    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Digital Health
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Unwell in America
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing