Ransomware is good business for those with no qualms doing harm to make quick money. Demonstrated by Hollywood (Calif.) Presbyterian Medical Center's $17,000 payout, hospitals are no longer immune, and cases of electronic medical records being digitally ransomed for cash are occurring more and more all over the world.
According to a new report from the Institute for Critical Infrastructure Technology, there are four main defenses healthcare organizations should be mindful of on a regular basis to mitigate the risk of such attacks:
- Have a dedicated information security team in place. An information security team is separate from an IT team, but the two must work together. The IS team is crucial for assessing risk, ensuring key assets are protected, identifying open vulnerabilities and monitoring and profiling the activities of potential threats.
- Train and sustain a culture of cybersecurity awareness. All staff members should be trained to identify and speak up about threats to organizational networks. Lapses in employee attention or judgment when it comes to checking email or visiting certain places online can result in a cybersecurity event. An organization's preparedness is only as strong as its weakest employee with network access.
- Layer your defenses against threats. No single solution is enough to face down cybersecurity threats, because there is no single product, protocol or solution that is capable of providing comprehensive reassurance. Rather, having multiple systems in place to fill in gaps is necessary.
- Enact policies and procedures that support cybersecurity awareness and action. Beyond personnel training and budgeting for adequate digital security systems, staff members with computer access should have a good understanding of appropriate and inappropriate behaviors. Policy guidelines can help give employees tips for recognizing suspicious activity, and cyber insurance policies can help insulate organizations from threats.