What Facilities Can Do to Prevent Ransomware Attacks

Jeannine LeCompte, Compliance Research Specialist

Ransomware is no joke. According to the “2019 Breach Briefing” issued by the risk management arm of insurance giant Beazley, the largest ransomware demand in 2018 was for $8.5 million, while the largest ransom actually paid that year was $935,000. A ransom of that size can cause disaster for many smaller facilities, so it is critical that the issue of ransomware be given high priority.

There are many security measures that facilities can implement to help mitigate or prevent the damage from ransomware attacks.

The HIPAA Security Rule requires security measures that can be helpful in preventing, detecting, and responding to cyberattacks. Facilities should:

conduct risk analyses to identify risks and vulnerabilities
implement a risk management process to mitigate identified risks and vulnerabilities
regularly review audit and system activity logs to identify abnormal or suspicious activity
implement procedures to identify and respond to security incidents
establish and periodically test contingency plans including data backup and disaster recovery plans to ensure data is backed up and recoverable
implement controls to limit access to electronic protected health information (ePHI) and encrypt as appropriate
implement a security awareness and training program, including periodic security reminders, education, and awareness of implemented procedures concerning malicious software protection, for all staff

A recent phishing scam involves emails which claim to be from the US Equal Employment Opportunity Commission (EEOC). It not only uses the recipient’s name in the email, but also their place of employment, and tells them a complaint has been lodged against them. If opened, it installs a banking Trojan to steal credentials along with installing additional malware. In some cases it’s been used to deliver various ransomware variants.

While it is true that many ransomware attacks are sophisticated, the sad truth remains that the majority of attacks are carried out due to vulnerabilities that could have been easily prevented. In this regard, the following cannot be overemphasized:

– Staff should be put through rigorous and repeated training about phishing campaigns to help them recognize phishing attacks.

– Staff should refrain from clicking on links or opening attachments delivered in unexpected or unsolicited emails.

– The facility should have a firm policy of segmented and offline backups to prevent malware from spreading and infecting them.

– Remote Desktop Ports, known as “RDP ports,” should be closed down or have multi-factor authentication installed. RDP ports are software programs built into most operating systems which allow computers to talk to each other—and by default, some are “open.” This is a very common entry point for malicious software, and any large facility’s IT system should have this issue firmly under control.

– Operating system updates are not there to annoy users. They have a practical application, which often is to patch identified vulnerabilities which could allow malicious software to enter a system.

Many ransomware attacks are due to not having a system in place to regularly check for updates, or because the individual system operators failed to ensure that all updates are installed.