If you are looking to subscribe to one of the hottest software as a service (SaaS) offerings, keep in mind that you may have to pay in bitcoin. Why bitcoin? Because hackers don’t take American Express. I’m talking about ransomware as a service (RaaS). The most recent victim of RaaS is Kansas Heart Hospital.
What is Ransomware as a Service?
For those of you who aren’t yet familiar with ransomware, it’s basically malware with a twist. Once it has infected your computer system, it will display a message that restricts access to part or all of your systems. In many cases the ransomware will have already encrypted your files. To get the encryption key and retrieve your data, you need to follow a specific set of instructions that involve converting money into bitcoin and meeting a payment deadline, or else you risk losing the ransomed data forever.
We’re almost halfway through 2016 and we can rest assured that 2016 will be named the year of ransomware. And it will only get worse if healthcare companies around the country don’t find a way to prevent this nasty type of malware from infecting their networks. Since IT policy and data security aren’t at the top of the to-do list of many healthcare executives, businesses may be tempted to pay the hackers. It makes sense if mission-critical systems that determine life and death are down.
Protection Against Ransomware
So how do healthcare IT pros deal with this rising cybercrime epidemic? Unfortunately, the answer isn’t as easy as setting up a demilitarized zone (DMZ) within your business infrastructure. Although important to have, antivirus and firewalls will only protect a small percentage of your network. Locking down user access to only essential folders and files and running employee awareness training aren’t going to guarantee results, but heck, it’s a start.
Your users are busy. You’re busy. We get it. Fire drills happen every day that take away from strategically thinking about ways to tackle more complex, long-term issues like socially engineered phishing attacks that lead to inadvertent ransomware infections.
There’s no hindsight in an IT toolbox. When Cerber starts asking your staff for bitcoins, you’ll be wishing you had 20/20 vision. Don’t wait for a ransomware infection before deciding what medicine to take to stop the bleeding.
The point is that many of these attacks can be prevented with awareness, diligence and accountability. You may have to get creative in how you roll out an IT security plan, but it’s necessary. Everyone in a business is accountable for security and it should never rest entirely on the shoulders of IT. And let’s face it, email should never be considered a safe form of communication. Let alone a ubiquitous one. Maybe we can help.
During our upcoming June 2nd webinar, John Houston, VP of Privacy and Information Security at UPMC, will be sharing strategies healthcare IT professionals can embrace to make their businesses more secure.