By: Michael Grzesik, Infrastructure Security Specialist
It’s back to business as usual for the hacked hospitals that were highlighted in my last post. Undoubtedly, they have learned a big lesson from the events just weeks ago. January, February and March were busy months for healthcare data breaches. Here’s an update:
- Mercy Iowa City, IA – the hospital reported a computer virus designed to capture personal data infected some of its systems. They could not rule out the possibility that an outside source accessed “limited” patient information, clinical information, plus birth dates and Social Security numbers.
- Hollywood Presbyterian Medical Center, in California – they waited three weeks before finally paying the cybercrooks $17,000 to decrypt their files. Paying is a decision even the FBI agrees is sometimes the only option.
- Methodist Hospital in Henderson, KY – IT was forced to transfer web services to a backup system while the main system was frozen by the ransomware. They were able to get data back without paying the crooks. Methodist was hit with the same ransomware as Hollywood Presbyterian, a version called Locky which is spread through email attachments. It encrypts all the data on an infected system and then deletes the original files.
Believe it or not, there is something you can do to prevent these types of attacks on computer networks. The safeguards involve some traditional methods of managing computer systems in addition to some newer technologies. If you set up different layers of security to prevent threats from 1) reaching a computer and 2) running on a computer to attack it, you stand a better chance of fending off malware and viruses.
Consider the Cloud
Utilize online services that help with e-mail spam blocking, web content filtering, and DNS security. There are many vendors that provide Internet “Cloud” security services to combat spam and web browser attacks. How do you know if they are worth the money? If they have a research group that is actively looking at global threats in addition to a global monitoring network to analyze those threats, then it is likely worth the investment. Protecting your network from the outside moving inside is the first place to start.
Block the Bad Guys
Cybercrime is organized crime, only online. Certain netheregions of Europe and Asia are home to hacker groups and they want to own your network from afar. Consider geo-blocking the Internet IP addresses of those countries that you don’t need to do business with, right at your firewall.
Secret Agents
Antivirus was all the rage years ago. But that is client-based protection for your computer system files, and it only works marginally against today’s attacks. The latest threats are knocked down by endpoint agents installed on your computer, which are tied to larger next-generation firewalls and malware filtering cloud systems. These agents protect laptop computers and mobile devices even when they leave the security of your network. Regardless, real-time endpoint security is where it is at nowadays. If you don’t have something else running other than AV, you are missing the security boat.
Back to Basics
Make sure computer systems are up-to-date and patched and then back up your data. Back up the operating systems for quick recovery and then religiously back up the files that are stored on file shares.
Also be certain the files you have on your network are protected with some type of file-security system and ACL policies. Ransomware attacks love open file “shares” that have no security. That’s how they propagate from one computer onto the network.
Choose a Framework
There are several technology security frameworks in addition to HIPPA, PCI, NIST, ITIL and COBIT to help you set the tone for your computer and network security. Some are free and others require an investment. Whichever you choose, these frameworks are basically a “blueprint” for building an information security program to manage risk and reduce vulnerabilities. Just be aware, there is a difference between information security and technology security. They can overlap, but have different objectives. On the technology side, the NIST Cybersecurity Framework, the SANS Top 20, and CIS Benchmarks can help you understand the basics of locking down computers and networks.
The 5 “P’s” of Success – Proper Planning Prevents Poor Performance
Have a plan if you do get attacked. A Fortune Top 20 company analyzed ransomware attacks from last summer and determined if you disable the user account that opened the email and started the attack you could shut down the attack on the network file system. Planning and knowledge equal power.
Conclusion
From online to in-house, a top to bottom security posture will help you meet today’s cybersecurity threats head on. A balance of tools that leverage new technologies and old school tactics can keep attackers at bay. Whatever the cost, you have to take your game to the next level. The hackers already have.