Our October 29, 2020 blog discussed the number and severity of recent ransomware attacks on the healthcare and public health sectors. Only weeks later, cyber-attacks have again increased dramatically. Published analyses of the primary vulnerabilities and new cyber-crime predictions for 2021 indicate the need for additional actions. These actions include hardening systems, networks and access, updating continuity plans, and continuing to reduce the number and types of threat vectors. A few recent facts about threats to the healthcare and public health sectors:
- Detailed in today’s AHA Ransomware update: CISA, FBI, and HHS continue to assess the threat of ransomware cybercriminal activity targeting the HPH sector. At this time, we consider the threat to be credible, ongoing, and persistent. Of note, some recent healthcare sector victims have experienced very short periods of time between initial compromise and activation – even under a few hours.
- According to the latest Zscaler report on encrypted attacks: cybercriminals use industry-standard encryption methods themselves [SSL], devising clever ways to hide malware inside encrypted traffic to carry out attacks that bypass detection. Between January and September, the Zscaler cloud blocked an astounding 6.6 billion security threats hidden inside encrypted traffic. [This] amounts to an average of 733 million blocked per month. Healthcare was impacted more than other sectors, experiencing 1.6 billion encrypted attacks.
2021 Healthcare: Cyber-crime and IT Staffing
Blackbook Research provides survey results that included 2,464 security professionals from 705 provider organizations:
- Seventy-three percent of health system, hospital and physician organizations report their infrastructures are unprepared to respond. The survey results estimated 1500 healthcare providers are vulnerable to data breaches of 500 or more records, representing a three hundred percent increase over this year.
- Ninety percent of practice administrators and 82 percent of hospital CIOs in inpatient facilities under 150 beds said they are not even close to spending an adequate amount on protecting patient records from a breach.
- Eighty percent of healthcare organizations said they have not completed a cybersecurity drill with an incident response process, despite rising cases of data breaches in healthcare this year.
Becker's Hospital Review and Blackbook Research: Cybersecurity positions in health systems on average take up to 70 percent longer to fill than other IT jobs. Health systems are struggling to find employees with cybersecurity-related skills and on average take about 118 days to fill job positions, which is almost three times as high as the national average for other industries.
OK, So What Now?
Some recommendations that represent best practices for leading healthcare providers and businesses in the public health sector:
- Follow the 3-2-1 rule: Even the AHA is recommending the 3-2-1 strategy: In general, maintaining anti-ransomware best practices like the 3-2-1 backup system or conducting regular vulnerability scanning to identify and address vulnerabilities will help protect your organization against future threats. The rule is 3 different copies of your data, on 2 different media, 1 of which is offsite. Consider sending your backups offsite to the certified “compliant” cloud or even tape using a cloud-based solution such as Otava Cloud Connect.
- Use air-gapping for extra resilience: Air-gapping is defined as taking your media offline. Powering off VMs, auto-ejecting removable storage, and using an out-of-band protection solution where backups are taken via the same backup copy job on the network, then automatically sent to a service provider in the cloud, are all ways of air-gapping your backed-up data.
- Use different credentials for backup repositories: Use separate credentials for each of your backup repositories. If one set of credentials is compromised, you can still rely on your other repositories. Also, restrict user permissions as much as possible; this could help prevent the infection from spreading.
- Use updated email and web filtering tools: Prevent ransomware from getting to you in the first place; most ransomware infections start with email phishing attacks.
- Consider implementation of Zero Trust: Zero trust is an initiative to move from “trust but verify” to a “never trust, always verify” approach. In practice, this model considers all resources to be external and continuously verifies trust before granting only the required access.
- Employ a multi-cloud strategy: A multi-cloud strategy can help ensure your environment is spread out between multiple providers so that if one of them experiences an attack, the rest of your environment is quarantined.
- For employees, remote access and mandatory security training, all critical elements of your security and continuity plans, consult this link: Making Sense of the Latest Ransomware attacks on Healthcare
- Reduce IT Staffing Problems: To increase the protection afforded by your HIPAA compliance efforts, reduce your IT staffing problems and address potential budget challenges, consider fully managed disaster recovery and backup solutions. These solutions provide a “best in industry” 24x7x365 extension of your staff to address security and business continuity concerns.
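The backup recommendations above (3-2-1, air-gapping, separate repository credentials) can be checked mechanically against an inventory of copies. The following is an added example, not code from this blog or any vendor; the inventory format, field names and sample plans are constructed, and it assumes the production data counts as one of the three copies and that an offline copy cannot be reached even with valid credentials.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str        # "disk", "tape", "cloud-object", ...
    offsite: bool
    offline: bool     # air-gapped: ejected, powered off, not network-reachable
    credential: str   # account able to write to or delete this copy

def survivors(copies, stolen_credential):
    """Names of copies an attacker holding one credential cannot touch
    (assumption: offline copies are out of reach regardless of credentials)."""
    return [c.name for c in copies
            if c.offline or c.credential != stolen_credential]

def audit(copies):
    """Return (rule, detail) findings; an empty list means the plan passes."""
    findings = []
    media = {c.media for c in copies}
    if len(copies) < 3:
        findings.append(("3-copies", f"only {len(copies)} copies"))
    if len(media) < 2:
        findings.append(("2-media", f"single media type: {sorted(media)}"))
    if not any(c.offsite for c in copies):
        findings.append(("1-offsite", "no copy is offsite"))
    if not any(c.offline for c in copies):
        findings.append(("air-gap", "no copy is offline"))
    for cred in sorted({c.credential for c in copies}):
        users = [c.name for c in copies if c.credential == cred]
        if len(users) > 1:
            findings.append(("shared-credential", f"{cred} used by {users}"))
        if not survivors(copies, cred):
            findings.append(("single-point", f"losing {cred} loses every copy"))
    return findings

# Constructed sample inventories: one weak plan and its corrected form.
WEAK = [Copy("prod-san", "disk", False, False, "svc-backup"),
        Copy("local-repo", "disk", False, False, "svc-backup"),
        Copy("dr-site-repo", "disk", True, False, "svc-backup")]
FIXED = [Copy("prod-san", "disk", False, False, "svc-prod"),
         Copy("local-repo", "disk", False, False, "svc-repo-local"),
         Copy("cloud-repo", "cloud-object", True, False, "svc-repo-cloud"),
         Copy("tape-vault", "tape", True, True, "svc-tape")]

if __name__ == "__main__":
    for label, plan in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit(plan) or "passes")
```

The weak plan has three copies and an offsite one, yet still fails: every copy sits on the same media type, is online, and is reachable with one account.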
Looking for HIPAA compliant hosting, cloud services, and best in class security assistance? Otava can help. Our cloud, disaster recovery and colocation solutions have helped covered entities and business associates alike adhere to HIPAA regulations, keep PHI secure and help improve business continuity. Download our free white paper on HIPAA compliant hosting, check out our HIPAA compliant solutions or contact us to learn more.