Think of the last time you went to the doctor or hospital – did you go because you were ill or had an accident, or did you go to see how secure your personal data is?
Most likely, your primary concern is on your health and you’re not thinking about the security of your personal data. But according to the news cycle, you should be concerned as headlines continue to be dominated by new ransomware attacks threatening the security of healthcare information. In fact, one place ransomware is “sure to strike” is the Internet of Things and medical devices, as they remain a “tempting target” due to their “lack of sufficient protections.”
Also, I’m sure you’ve heard of WannaCry, which had a crippling impact on the UK’s National Health Service. For example, with WannaCry, hospitals were effectively being shut down and even turning away non-emergency patients due to the breach. And it’s not just large hospitals and organizations that are at risk. Healthcare organizations of all sizes are especially vulnerable, due to the fact that often times, they have fewer IT resources because the main focus of the healthcare profession is primarily delivering high-quality patient care.
But why healthcare? The answer is simple – just think of the treasure trove of social security numbers and other extremely personal information that could be had.
Ultimately, ransomware impacts not only a healthcare organization’s operational efficiency from an IT perspective, but trickles down into the organization’s ability to care for patients. And ransomware doesn’t need to be incredibly sophisticated to infiltrate an organization. Frequently, ransomware’s point of entry is human error! Just think of how easy it is to mistakenly click on an email that seems perfectly normal or from a trusted source. Awareness is definitely key for protecting organizations and their employees from potentially hazardous behavior that may seem harmless, like clicking on suspicious web links. When it comes to security, better-educated and well-trained employees are less likely to invite ransomware into their network.
But that’s not all that can be done. Looking at data collected from Osterman Research and Barracuda Networks, Inc., there are several ways to protect an organization against ransomware, which must be implemented to maintain the integrity and security of data:
1. Be aware that you are at risk. Understand that you and your organization are not exempt – everyone is a target. Cybercrime does not discriminate and is an industry with extensive targets – from large to small organizations.
2. Keep systems updated. Older software and technology could be an easy entry point for an attack. Applications and systems should be up-to-date using the latest patches from vendors to protect against threats.
3. Back it up. In the unfortunate event you do get infiltrated, a backup system lets you recover from attacks and quickly get back to business. While not all data may be recovered, frequent back up of files and systems can minimize data loss and get you back to the business of patient care. And don’t forget to ensure that clinicians can easily access the file backups! Install a mass communication tool that send alerts to all affected clinicians and front line staff with convenient links to the appropriate clinical data.
4. Put policies in place. Healthcare organizations should implement detailed and thorough policies for email, Web, collaboration and social media to be explicitly followed. Encryption should be paramount – especially if content contains sensitive or confidential information. With strict policies in place, employees are limited to tools and processes when accessing corporate resources and therefore less likely to click through on ransomware or phishing attempts.
5. Keep an eye on mobile. Hospitals and healthcare organizations are well aware of the fact that mobile devices are one of the best ways to improve collaboration and communication. However, with personally owned devices, you can’t be sure that people are doing their security updates or installing only reputable apps.
The bottom line is this – you can’t leave security up to chance. Best practices have to be put into place to mitigate phishing and ransomware attempts. In addition to these best practices, the healthcare industry should leverage technologies and solutions that allow for the successful management of secure data, which includes containerization, secure file sharing, crisis communications and enterprise mobility management solutions. By looking to protect an organization in both practice and technology, the healthcare industry can ensure it’s ready for the next wave of ransomware attacks.
About Sara Jost RN
Sara Joined BlackBerry in 2010 and is the Global Healthcare Industry Lead responsible for healthcare strategy, business development, marketing and sales programs. She has over 14 years of healthcare experience, including Neuroscience Researcher specializing in stroke and migraine at Queen’s University in Kingston, ON. She was also a High Risk Labour and Delivery Registered Nurse at Sunnybrook Health Sciences Centre in Toronto, ON. Sara worked for Healthanywhere, a mHealth start-up, starting and managing 13 mHealth programs across North America and in the UK. Sara has a BScH in Life Sciences from Queen’s University and a BS in Nursing from University of Toronto.
The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.