Ransomware attacks have increased amongst healthcare organizations, especially during the pandemic. Cybercriminals have profited by using phishing emails and other threats to expose patient data and asking for a high ransom to return the sensitive data.
The recent ransomware attacks have led the U.S. government to establish a task force to address the rise in cybercriminal activity.
“Malicious actors increasingly exfiltrate data and then threaten to sell or leak it—including sensitive or personal information—if the ransom is not paid,” the fact sheet explains. “These data breaches can cause financial loss to the victim organization and erode customer trust.”
Read more: The cost of ransomware attacks
Preventing ransomware attacks
CISA recommends numerous safeguards to prevent a ransomware attack on an organization’s network. The first recommendation is to maintain offline and encrypted backups of data. “It is important that backups be maintained offline as many ransomware variants attempt to find and delete or encrypt accessible backups,” according to the fact sheet.
Read more: Is HIPAA employee awareness training enough?
Other recommendations to prevent ransomware attacks include conducting regular vulnerability scanning, keeping software updated, and creating and maintaining a cyber incident response plan.
Protecting sensitive and personal information
The fact sheet notes that “organizations storing sensitive or personal information of customers or employees are responsible for protecting it from access or exfiltration by malicious cyber actors.”
CISA recommends that you:
- Know what personal and sensitive information is stored on your systems and who has access to it
- Implement physical security best practices
- Identify the computers or servers where sensitive personal information is stored
- Encrypt sensitive information at rest and in transit
- Implement firewalls
- Consider applying network segmentation
- Ensure cyber incident response and communications plans include response and notification procedures for data breach incidents
Responding to ransomware-caused data breaches
In the event that your safeguards fail to prevent a ransomware attack, CISA recommends executing your cyber incident response plan to secure network operations and prevent further data loss.
The following steps should also be taken:
- Determine which systems were affected and immediately isolate them
- If—and only if—affected devices cannot be removed from the network or the network cannot be temporarily shut down, power infected devices down to avoid further spread of the ransomware infection
- Triage impacted systems for restoration and recovery
- Confer with your team to develop and document an initial understanding of what occurred
- Engage your internal and external teams and stakeholders to inform them of how they can help you mitigate, respond to, and recover from the incident
CISA discourages organizations to pay the ransom demanded by cyberhackers. “Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities,” says the fact sheet. “Paying the ransom also does not guarantee that a victim’s files will be recovered.”
Read more: To pay or not to pay for stolen data
Consider Paubox for your healthcare email security
One of the most common ways that ransomware infiltrates a system is through phishing emails. Humans are prone to make errors, which makes email a convenient access point for cyberhackers.
Paubox Email Suite Plus is the email security solution for protecting your network against ransomware attacks. It offers robust inbound security tools that prevent threats like phishing emails from even entering an employee’s inbox. Instead, malicious messages are quarantined for further review. It also includes our latest patent-pending security feature, Zero Trust Email, which requires another layer of verification before any email is delivered.
Paubox also encourages HIPAA compliant email by sending encrypted emails by default. Your employees will be able to use it easily since it can seamlessly integrate with your current email provider, including Google Workspace and Microsoft 365.