In response to the rising threat of ransomware in the healthcare industry, Comport, a cloud computing and Healthcare IT Solutions Company, held discussions with top healthcare CIO’s discussing ransomware protections that they may want to consider.
Many healthcare companies are putting budgets asides for ransomware. The problem with this trend is that it increases the threats because cybercriminals know that it will be easy to get the money they are asking for. Instead, we suggest some of the following best practices for hospitals looking towards cloud solutions to avoid ransomware attacks.
- Activity monitoring. Ransomware can be detected before it makes itself known (which is when it is too late to stop the ransom) with the proper activity monitoring in place. Activity monitoring systems scans the meta information of digital files in the cloud and reports activity signatures that are indicative of a threat. Most hospitals do not have this in place, but it is more important than ever to know what is on your system and detect threats early.
- Moving into the cloud. Many companies mistakenly believe that keeping server maintenance in house is a better security option. The cloud can have better security than what most SMBs can afford on their own. In addition, many are leaning towards managed private cloud options to take away the heave maintenance lift while keeping their data close to the vest.
- Employee training. Many ransomware programs make their way into the hospital infrastructure through an innocent looking email attachment opened by an untrained employee. Hackers can easily create an official looking email that plays on the life and death situations that hospitals often encounter. Regardless, hospitals must also train their people to recognise potential phishing scams and other potential hazards.
- Consistent backup. Ransomware attacker’s gain considerably less leverage if the files they try to hold for ransom are duplicated somewhere else. Files are not like people – they can be completely and totally copied. It is always in the best interests of a hospital to use a cloud service like DRaaS or BaaS to automatically update all important data to a location that will be unaffected should your systems get infected.