Ransomware poses a very real threat to every health care organization in America. In the health care industry, 85% of organizations have experienced a ransomware attack, and that number continues to climb as criminals recognize the unique vulnerabilities in the health care industry. Motivated by patient safety, the potential damage to the reputation of their organizations, and the major financial impact of a ransomware attack, health care organizations are likely to pay quickly if compromised. There are things your organization can do to prepare itself for success in the battle.
1. Training Is Vital
Viral attacks almost always require someone to open the gates to allow entrance. Malicious email and sketchy websites lure the unsuspecting worker in your organization to allow entrance into your network. The most vulnerable link in your network is ultimately the end user. The fact is that you must provide training to your employees to help them spot threats – either to prepare them beforehand, or to respond to an attack afterwards.
Providing ongoing critical training in spotting and avoiding malware threats is the single most efficient way of protecting your organization. This training will not only guard you against ransomware but other kinds of malware as well. Threats from cyberattacks change constantly, so it is crucial to make training on recognizing current threat vectors a regular part of your organization’s culture.
2. Reassess Your Backup
Your network backup may well have been designed to protect you from outages, equipment failures, or natural disasters. Conduct a thorough audit of your backup systems for their ability to protect you from malicious threats as well. Ransomware often seeks out and compromises backup systems before making its presence known. Without regular backups to systems disconnected from your network, you may be vulnerable to an attack that compromises your entire system. Take steps to analyze your current backup and make changes as needed.
3. Make Updates a Priority
As new attacks occur, software makers update software against exploited security vulnerabilities. Criminal hackers depend on the fact that your organization has failed to take the time to update your system to protect against that vulnerability. Finding new vulnerabilities and exploits is time-consuming and expensive for hackers. Make their work less rewarding by cutting off the easy routes into your network.
Update antivirus and malware protection on a constant basis. These programs are the fastest at updating protection against the latest threats. Operating system and browser updates should also happen as soon as possible when a patch is released. Internet content filters help avoid the latest malware infected websites. And don’t forget updates for health care-specific technologies. These may not update as frequently, but when they do, it is vital to implement the new patch as soon as possible.
4. Vigilance is the Price of Safety
Updating systems, training employees, and protecting your backups are effective for reducing your risk of infection. These measures take time, create short term inconveniences, and require organization and vigilance on your part. Acting now won’t guarantee you are invulnerable to attack, but is the right thing to do to safeguard your patients.