Two Critical Steps to Ransomware Readiness for Healthcare Organizations

Ransomware attacks in healthcare have been on a sharp rise in the last few years. In fact, the number of affected healthcare organizations nearly doubled in 2021, jumping to 66% from 34% the previous year. While many other industries have also seen a rise, dependence on access to patient data and interconnected devices and systems makes the consequences for healthcare even more severe.

Service disruptions due to ransomware attacks can lead to delayed treatments or patients being rerouted due to computer systems being down. It can even lead to death, as shown by a lawsuit in 2021 filed by the mother of a baby in Alabama who died from fatal brain damage after key tests were missed due to a ransomware attack on the hospital at the time of delivery.

Ransomware continues to be the most lucrative way to monetize malware. Increasingly organized and well-funded hackers are constantly targeting healthcare organizations due to the potential damage that can be caused. It has also been made easier by the rise of remote healthcare solutions as well as hybrid and remote work arrangements for hospital employees. These growing trends have dramatically increased the attack surface and number of vulnerable devices and endpoints that can be exploited by hackers.

So how can healthcare organizations fortify their cybersecurity capabilities against ransomware while maintaining cost efficiency and minimizing the effect on day-to-day operations? Any ransomware prevention effort must start by defending against both basic and advanced threats. Having a disaster recovery plan where infected systems failover in near real time to identical systems in a separate data center or cloud isn't enough.

To ensure complete readiness against any ransomware attacks, healthcare organizations must adopt a two-step cybersecurity strategy with a plan for both the prevention of any ransomware attacks as well as system resiliency should any such attacks occur.

Step 1: Prevention
Healthcare organizations must first create risk and threat models by understanding their threats, vulnerabilities and assets to create a ransomware prevention framework. Protecting a healthcare IT system requires a strong cybersecurity foundation with no weak links in the chain. This means thoroughly covering all cybersecurity basics, including endpoint and data protection, immutable backup, asset management, end user awareness and training, and strong identity and access management.

Aside from these essential steps, healthcare organizations must also build strong malware detection capabilities that are automated and can integrate with their current systems. Any impediments to interoperability, such as data silos and legacy systems and technologies, should be avoided.

Prevention is an on-going process, so building out a plan isn't enough. There must be constant operational and governance, discipline and collaboration from all involved stakeholders. The prevention framework must also be constantly tested, refined and optimized to ensure that it stays up to date with the latest threats.

Step 2: Resiliency
Building system resiliency against healthcare ransomware attacks goes hand in hand with prevention. Even when you have strong prevention measures in place, there's always a chance that a ransomware attack may still succeed. Having a resiliency plan in place will make sure minimal disruption and damage should such an incident take place.

A resiliency framework starts with defining your subset of critical production assets and then mapping them to advanced solutions that enable you to recover quickly from a breach, such as an air-gapped backup. You must then enable steady state and implement detection measures that can quickly analyze and identify any behavior anomalies in the system that may be a sign of a ransomware attack taking place.

Finally, you must continue to maintain resiliency by creating a ransomware response playbook and training relevant team members and stakeholders on post-incident response measures. Regularly scheduled training exercises and incident simulations can help reinforce awareness and help make sure that if anything does happen, the consequences will be as minimal as possible.

A ransomware solution that accelerates your prevention and resiliency strategies

One powerful solution to address these two steps and bolster your ransomware resiliency is NTT DATA’s Healthcare Ransomware Readiness Accelerator. This comprehensive and customizable cybersecurity solution prevents ransomware attacks in four stages: Assessing and Planning, Deployment, Integration and Support. Each of these components work together to enable you to better assess and control any incidents that may arise.

Built by healthcare cybersecurity experts with deep industry experience, this all-around solution minimizes the time, cost and impact of breaches by accelerating prevention capabilities and enabling you to take full control of the situation in the event of a ransomware attack. By providing protection for essential metrics such as patient safety and PHI security, organizations can avoid any negative effects on brand image, patient and stakeholder trust and regulatory scrutiny.

Talk to us for a more detailed assessment of your organization’s ransomware readiness and how you can accelerate your cybersecurity capabilities against ransomware today.