It’s a sad fact that criminals often prey on the most vulnerable. This was proven true in the ransomware attacks that impacted LTPAC facilities during November. Not only were the facility operators victimized, but sudden lack of access to medical records profoundly impacted their ability to care for patients and residents.
This incident was first reported by journalist and investigative reporter Brian Krebs. More than 100 facilities were impacted, and the ransomware cut off access to critical systems, including access to patient records, client billing, phone systems, internet service and email. The scope of the attack was audacious. The threat to peoples’ lives was deplorable. But most galling to us, as IT service providers, is that the incident was so preventable. More on that below.
Why Healthcare is Such a Tempting Target
In this case, the perpetrators were identified as a Russian gang, an adversary well-known among security experts. What’s clear here is that criminals don’t care that their actions could actually endanger peoples’ lives. They go after healthcare because lives are at stake, and they know that many healthcare organizations don’t have extra dollars around to invest in security.
Smaller and mid-size organizations are often the targets of choice. Health systems serving smaller communities, community hospitals, group medical practices, specialty centers, rehabilitation providers and dental practices have all been ransomware targets. Some have even had to close their doors after an attack.
A Few Ounces of Prevention Can Go a Long Way
Here are some of the ransomware prevention measures that we recommend and put in place for our clients. These are standard security practices, and aren’t necessarily more expensive than what you’re doing right now.
- Enact an anti-ransomware group policy on computers. Use a Windows Group Policy Object that prevents unknown executable files from running in temporary folders or in the AppData folder. Almost every single ransomware variant we have seen runs from one of these locations.
- Segregate cloud resources. Use a provider that can deliver a private hybrid cloud — not a public cloud where your data and applications are pooled with those of other companies. That protects your company in case another becomes infected with ransomware. You don’t want their problem becoming your problem—and everybody else’s.
- Separate backups from network shares. The ultimate protection against ransomware is maintaining regular and up-to-date backups so you can restore from them if an attack encrypts your data and makes it unreadable. But don’t store your backups on your network, accessible through a mapped drive, or the attack could compromise your backups, too.
- Bolster your endpoint protection. We’re presuming you already have antivirus in place. Because ransomware is a targeted attack, the criminals take care to alter their executable files, so signature-based antivirus isn’t very effective. Consider switching to an endpoint protection product that employs a “defense in depth” strategy rather than just relying on signatures.
At FIT Solutions, we supply IT services to many senior care organizations including assisted living and LTPAC facilities. We urge you to implement the tips above; you can do them yourself. Of course, if you’d like help, you can always call us at (888) 339-5694. We’d be happy to partner with you to protect your organization from ransomware.