Ransomware and Healthcare
Two recent events that call for guidance and solutions
1: Media coverage of ransomware surged this February when Hollywood Presbyterian Medical Center in Los Angeles paid the equivalent of $17,000 in bitcoin to an attacker to regain control of its computer systems.
2: A month later, Columbia, MD-based MedStar Health was forced to take its computer network offline after malware prevented users from logging into the system. Put these in context: a poll conducted by Healthcare IT News and HIMSS Analytics found that as many as 75% of health systems may have been hit by ransomware over the past year.
Why are so many health systems vulnerable? A few reasons:
Ethics and integrity have a lot to do with it; lip service, or a conference speech aimed at shareholders, is not enough. There is a major gap in this field.
- Security and privacy controls are, for the most part, handled by executives who came up in a fix-the-code-on-the-run, legacy-systems world. Security and compliance are not merely IT issues and need to be moved out from under the IT and operations mindset. The CSO, who is responsible for managing the cyber-intelligence implications for the company and its clients, must have a reporting line to the CEO and visibility to the board, which is responsible for governance. IT must be a stakeholder alongside the CEO and every other business unit.
- There is a lack of governance and of understanding about the importance of security and data privacy, especially among management. Many executives ask what can really go wrong if healthcare data is stolen. Some leaders present fabricated, rosy reports to their clients' IT leadership and compliance offices. Some firmly believe it is acceptable to copy data from one client and present it to another. Internal breaches escalated to the ethics committee fall on deaf ears. This lapse in governance sounds like the Enron days all over again.
- Continuous monitoring and assessment are needed, but they fall prey to uninformed sales leaders who are more interested in selling expensive products to meet a quota than in doing the right thing first, earning the client's trust, and only then cross-selling and up-selling.
A few precautionary measures, to be applied and monitored on a regular basis, that reduce the risk of a ransomware attack:
- Employee behavior. Access management and password management are critical areas to monitor and assess on an ongoing basis.
- Regular updates to onboarding/offboarding and access-management policies and procedures.
- Periodic backups of important files, kept where the machine itself cannot overwrite them; a backup that is still writable from an infected workstation will be encrypted along with everything else.
- Do not open unexpected emails or attachments from unknown senders.
- Configure spam filtering on your machines correctly.
- Apply security patches promptly.
- Limit the wireless and removable devices connected to your machine.
- Shut down your machines at the end of the day so they are not exposed to attacks overnight.
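The backup item above only pays off if someone checks the backup against the live files. The script below is an added example, not code from the original post: it copies a directory into a backup, records a SHA-256 manifest, then re-checks the live tree, treating a changed or newly appeared file whose bytes are high-entropy as a likely encrypted file (ciphertext sits near 8 bits per byte, text near 4 or 5) and restoring it from the backup. The directory names, the file contents and the entropy threshold of 7.5 are constructed for the demonstration.

```python
"""Backup manifest check for ransomware-style file damage (constructed example)."""
import hashlib
import math
import random
import shutil
import tempfile
from collections import Counter
from pathlib import Path

HIGH_ENTROPY = 7.5  # bits per byte; assumed threshold, encrypted data is ~7.9+, text ~4-5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src: Path, backup_dir: Path) -> dict:
    """Copy every file under src into backup_dir; return a {relative path: sha256} manifest."""
    manifest = {}
    for p in sorted(src.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            dest = backup_dir / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, dest)
            manifest[rel] = sha256_file(p)
    return manifest


def check_against_manifest(src: Path, manifest: dict, threshold: float = HIGH_ENTROPY) -> dict:
    """Compare the live tree with the manifest.

    unchanged  - hash matches the manifest
    modified   - hash differs but the content still looks like ordinary data
    suspicious - hash differs, or the file is new, and the content is high-entropy
    missing    - in the manifest but gone from disk (deleted or renamed)
    new        - on disk but not in the manifest
    """
    report = {k: [] for k in ("unchanged", "modified", "suspicious", "missing", "new")}
    for rel, digest in manifest.items():
        p = src / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_file(p) == digest:
            report["unchanged"].append(rel)
        elif shannon_entropy(p.read_bytes()) >= threshold:
            report["suspicious"].append(rel)
        else:
            report["modified"].append(rel)
    for p in sorted(src.rglob("*")):
        rel = p.relative_to(src).as_posix()
        if p.is_file() and rel not in manifest:
            report["new"].append(rel)
            if shannon_entropy(p.read_bytes()) >= threshold:
                report["suspicious"].append(rel)
    return report


def restore_from_backup(src: Path, backup_dir: Path, manifest: dict, rels) -> list:
    """Copy the named files back from the backup; only manifest entries can be restored."""
    restored = []
    for rel in rels:
        if rel in manifest:
            shutil.copy2(backup_dir / rel, src / rel)
            restored.append(rel)
    return restored


def demo() -> tuple:
    """Constructed workstation tree: back it up, then simulate one normal edit and ransomware."""
    rng = random.Random(20160401)  # deterministic stand-in for ciphertext bytes
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        live.mkdir()
        (live / "patient_notes.txt").write_text("Patient 1042: follow-up in two weeks.\n" * 40)
        (live / "billing.csv").write_text("date,code,amount\n2016-02-01,99213,120.00\n")
        (live / "records.csv").write_text("mrn,name\n1042,J. Doe\n")
        manifest = make_backup(live, backup)

        # normal activity: a clerk appends one billing line
        with (live / "billing.csv").open("a") as fh:
            fh.write("2016-02-02,99214,180.00\n")
        # ransomware-like activity: one file encrypted in place, one encrypted and renamed
        (live / "patient_notes.txt").write_bytes(rng.randbytes(4096))
        (live / "records.csv").unlink()
        (live / "records.csv.locked").write_bytes(rng.randbytes(2048))

        first = check_against_manifest(live, manifest)
        to_restore = sorted(set(first["suspicious"]) | set(first["missing"]))
        restored = restore_from_backup(live, backup, manifest, to_restore)
        second = check_against_manifest(live, manifest)
        return first, restored, second


if __name__ == "__main__":
    before, restored, after = demo()
    print("before restore:", before)
    print("restored:", restored)
    print("after restore:", after)
```

The legitimately edited billing file is reported as modified, not suspicious, so a clerk's normal work does not trigger a restore; the renamed `.locked` file stays on disk as new and suspicious for an analyst to look at. The entropy heuristic is deliberately simple: legitimately compressed or already-encrypted files (archives, images, encrypted databases) will also score high, so in practice it is combined with the rename pattern and the rate of change rather than used alone.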
Security in today's turbulent times needs more than technical penetration-testing expertise; it needs a solid pair of eyes and a mind that can take a holistic, strategic view across the cyber-intelligence ecosystem and ask the tough questions.
Comment
Computer Scientist, Internet Security Theorist and Practitioner, Inventor, Author, Entrepreneur - always an adherent of logic, the scientific approach to understanding, and uncompromising "integrity of action"
8 years ago
A solution has been presented...repeatedly. At this point the only question to ask is whether the repeated cyber failures are negligence.