Prevention
The majority of ransomware attacks start with a phishing email or a remote desktop protocol compromise, so it’s critical that all employees are constantly aware of cybersecurity threats.
- Companies can ensure that employees are using strong passwords and multifactor authentication when logging into accounts.
- Patching operating systems that might be old is crucial, as unchecked legacy systems can lead to vulnerabilities.
- Make cyber awareness training mandatory for employees and teach them best practices.
Preparation and response
Preparing for a potential attack will ensure that if a cybersecurity threat occurs, the organization will be ready.
- Prepare for all eventualities, knowing who will lead your response team and make decisions about whether to pay hackers. Communicate this plan to board members.
- When an attack hits, the first thing a hospital should do is call law enforcement for disclosure. It should also seek external counsel and insurers and inform other stakeholders.
- Investigate alternatives to payment and try to understand who is behind the attack and how much information they have, as this will help with negotiation.
