With the rise of ransomware attacks, healthcare organizations are taking action, but what’s the best response to ensure sensitive data is protected? Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems. Variants of ransomware have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s system has been locked or that the user’s files have been encrypted.
The Root Cause of Data Breaches
SC Magazine recently reported on the newly released Ponemon Institute’s Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data. The report showed 50 percent of healthcare providers polled named cyber-criminal attacks as the root cause of a data breach they experienced in the past two years, compared to 45 percent in 2015, and as little as 20 percent when the survey first debuted in 2011. Furthermore, Ponemon found that hospitals are most concerned about distributed denial of service (DDoS) attacks (48 percent), followed by ransomware (44 percent) and malware (41 percent). 89 percent of surveyed healthcare providers experienced a data breach in the last 24 months.
In a recent chat, John Houston, VP of Information Security at University of Pennsylvania Medical Center (UPMC), said a sound security strategy protects his organization from attacks. Like other hospitals, his organization has been under attack, with over 3000 attacks in the last 6 months, but there’s been no negative impact. He says he doesn’t have a single program to combat ransomware, but relies upon a security strategy he implemented years ago. And it’s working.
The foundation of the successful security strategy he implemented was not some new security technology, but a core organizational change. He organized his 50-person IT security team into 3 security groups to maximize coverage of evolving threats. Of course, this won’t work for every healthcare organization, particularly smaller IT teams, but it provides insight into effective IT security strategy.
Shared Responsibility for IT Security
The three security teams focus on specific aspects of security. Each security team is responsible for staying up to date on evolving threats, emerging technology, and best practices for their specific area.
The technical security group is responsible for technologies for security vulnerability and defense in depth. They also run the Security Operations Center (SOC). Next, the network security group is responsible for network security tools. Lastly, the human factors security group owns identity management, privacy management, and social engineering.
The latter team has been instrumental in protecting UPMC from data loss as cyber-criminals change tactics from brute force attacks to stealing credentials and other social engineering attacks.
To learn more about the security strategy basics that John Houston has successfully implemented, check out this on-demand HIMSS webinar, Combatting the Epidemic of Healthcare Data Threats.*
*The webinar has been approved by HIMSS for up to 1 contact hour of continuing education credit toward renewal of the CPHIMS credential.