Lessons from Ransomware Attacks on Healthcare Providers

Earlier this year a number of healthcare providers found themselves under siege by targeted ransomware attacks. In February, Hollywood Presbyterian Medical Center in Los Angeles had its network crippled, ultimately paying $17,000 in bitcoins to recover its systems. Three other ransomware attacks have targeted healthcare providers in California, and incidents have been reported in other states. These attacks may signal recognition by attackers of the particular vulnerability of these businesses. Healthcare companies store a vast amount of data, from patient medical records to insurance and billing information, in addition to ordinary operating data.

In general when it comes to cybersecurity, among an organization’s weakest links are the employees. They should be trained to identify phishing attacks and perform proper authentication of third parties before providing them with data or access to the network. Organizations should also closely monitor internal access controls, implementing the principle of least privilege (i.e., granting users only the minimal amount of access and permissions necessary to do their jobs). Rapid identification of potential infections with intrusion detection systems is crucial. It can facilitate the swift isolation of infected servers or endpoints and prevent the damage from spreading.

In order to respond properly to a ransomware or other cybersecurity incident, organizations must prepare, implement and routinely test incident response plans. Rapid identification, isolation and mitigation of threats can mean the difference between a temporary disruption of service and a substantial, and potentially unrecoverable, business loss.