Defrag This

| Read. Reflect. Reboot.

Ransomware Attacks On the Rise

Kevin Conklin | May 18 2016

| security

With the rise of ransomware attacks, healthcare organizations are taking action, but what’s the best response to ensure sensitive data is protected?

Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems. Variants of ransomware have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s system has been locked or that the user’s files have been encrypted.

The Root Cause of Data Breaches

SC Magazine recently reported on the newly released Ponemon Institute’s Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data. The report showed 50 percent of healthcare providers polled named cyber-criminal attacks as the root cause of a data breach they experienced in the past two years, compared to 45 percent in 2015, and as little as 20 percent when the survey first debuted in 2011. Furthermore, Ponemon found that hospitals are most concerned about distributed denial of service (DDoS) attacks (48 percent), followed by ransomware (44 percent) and malware (41 percent). 89 percent of surveyed healthcare providers experienced a data breach in the last 24 months.

In a recent chat, John Houston, VP of Information Security at University of Pennsylvania Medical Center (UPMC), said a sound security strategy protects his organization from attacks. Like other hospitals, his organization has been under attack, with over 3000 attacks in the last 6 months, but there’s been no negative impact. He says he doesn’t have a single program to combat ransomware, but relies upon a security strategy he implemented years ago. And it’s working.

The foundation of the successful security strategy he implemented was not some new security technology, but a core organizational change.  He organized his 50-person IT security team into 3 security groups to maximize coverage of evolving threats.  Of course, this won’t work for every healthcare organization, particularly smaller IT teams, but it provides insight into effective IT security strategy.

Shared Responsibility for IT Security

The three security teams focus on specific aspects of security. Each security team is responsible for staying up to date on evolving threats, emerging technology, and best practices for their specific area.

The technical security group is responsible for technologies for security vulnerability and defense in depth. They also run the Security Operations Center (SOC). Next, the network security group is responsible for network security tools. Lastly, the human factors security group owns identity management, privacy management, and social engineering.

The latter team has been instrumental in protecting UPMC from data loss as cyber-criminals change tactics from brute force attacks to stealing credentials and other social engineering attacks.

To learn more about the security strategy basics that John Houston has successfully implemented, check out this on-demand HIMSS webinar, Combatting the Epidemic of Healthcare Data Threats.*

*The webinar has been approved by HIMSS for up to 1 contact hour of continuing education credit toward renewal of the CPHIMS credential.
