With the inception of the COVID-19 pandemic, malicious actors are increasingly targeting small hospitals and health centers with ransomware attacks. This is likely because these organizations are more likely to pay the ransom to recover data, as they weigh the perceived cost/benefit to strengthening their IT infrastructure security, or moving part or all of their IT operations to cloud-based solutions.

Cybercriminals tend to specifically target direct patient care facilities such as hospitals, healthcare centers, medical practices and health and wellness centers; although their efforts are certainly not confined to the above-referenced provider classes. The average ransomware demand is in the neighborhood of $60,000; however, simply paying the ransom in no way guarantees that the attacker will remit the decryption key; in fact, quite the opposite may occur; paying a ransom may encourage the attacker to maintain the leverage they enjoy over the target. 

The ultimate consequences of ransomware attacks can and often are quite severe, ranging from continued involuntary exploitation of the attacker/victim relationship, to business closure. In some cases, class action lawsuits (dependent on the attack vector and information yield).

As more organizations move employees to work from home, remote staff make it increasingly difficult for IT teams to police computer systems and prevent cyber-attacks. Attackers now have far more access points and endpoints to probe or exploit, with little to no security oversight.

Here at CyberSecOp, we have formulated several countermeasures that healthcare employers should employ to minimize the risk of their networks being penetrated and secure their sensitive information.

Add data storage: After backing up data, the next step is to store data offline, on a different network, or a cloud-based environment.

Maintain a strong information encryption policy: Healthcare data must be encrypted at rest and transit with the highest standards available so that even if cybercriminals acquired it, they would not be able to read it.

Formulate and maintain an Incident Response Plan: Develop and test an incident response plan to help mitigate the impact of certain destructive malware attacks.

Track all data: Security personnel should closely monitor the company’s digital assets within the organization. This is of particular importance now as healthcare facilities’ attack surface expands and becomes more complex with some staff working remotely. 

Establish and maintain firewalls: To harden networks and connected equipment, healthcare facilities with devices running open services should place them behind the latest application firewalls. They should also implement proper change management and firewall reviews to ensure proper documentation and optimization of these devices.

Follow the trends: Be aware of current ransomware threats, attack trends, and make sure those trends are socialized and communicated throughout the organization. Awareness is key.