5 useful tools to combat ransomware attacks

A cybersecurity expert details some technologies that can help secure hospitals and health systems stretched thin by the COVID-19 pandemic.
By Bill Siwicki
10:56 AM


Though ransomware continues to affect organizations across all sectors, its impact on healthcare has been devastating. Cybercriminals continue to target the parts of the industry that are most vulnerable – including hospitals already stretched thin from the COVID-19 pandemic.

Hospitals manage an abundance of personally identifiable information and protected health data, so they are tasked with ramping up ransomware protections and handling information securely in the wake of evolving compliance regulations.

Healthcare IT News sat down with Dan Timpson, chief technology officer at Kaseya, an IT management software company whose products include IT security, to discuss some of the best ways for hospitals to handle the numerous security challenges they face – namely, seeking out technologies that can prevent, detect and mitigate account compromise and data loss.

Q. What are automated phishing defenses and how do they help stop ransomware attacks?

A. The healthcare industry continues to be one of the most targeted sectors by cybercriminals, because short periods of downtime can lead to detrimental patient outcomes. Automated phishing defense solutions can help to quickly detect and quarantine emails containing malware before employees can interact with them.

Automated phishing solutions detect both external threats and internal attacks like business-email compromise, which occurs when a cybercriminal gains access through credential compromise and assumes the identity of that individual – often sending emails to others in the organization requesting large monetary transfers or asking them to click a particular link.

Automated phishing-defense solutions analyze employees' email communications to identify trends and flag emails that may seem out of place: for example, a C-level executive sending numerous emails to a group of employees they do not communicate with regularly.

Automated phishing solutions also scan for irregularities in the content of messages in order to detect a possible attack. Once installed, automated phishing defense solutions use artificial intelligence to continue learning what may be a threat based on user interactions.

Q. How should CIOs and CISOs be monitoring the dark web to thwart ransomware attacks?

A. Cyberattacks on healthcare institutions have steadily risen since the beginning of the pandemic and are likely to continue because they are both lucrative and relatively simple – the technical capabilities required are low, the costs to acquire ransomware kits are negligible and the financial gains are high. 

Credential compromise is one of the most common ways that cybercriminals gain unauthorized access, as stolen information from data breaches is packaged and sold on the dark web.

By monitoring the dark web for threat intelligence about stolen user data, hospitals can be alerted when credentials appear, and work to immediately update them, to prevent a widespread data breach. CIOs and CISOs can partner with a number of cybersecurity specialists to begin monitoring the dark web for stolen credentials.

It's best for CIOs and CISOs to look for a cybersecurity specialist that provides dark web monitoring that integrates with existing alerting and remediation platforms to provide a holistic view of the company's security posture.

Q. How does a well-run security operations center work, and why is it important in protecting healthcare systems and data from ransomware?

A. Since health systems have been targeted specifically by cybercriminals over the past year, it's imperative that they monitor for suspicious activity across their entire IT environment. A security operations center provides 24/7 monitoring by trained cybersecurity analysts to detect threats across endpoints, networks and cloud attack vectors.

These cybersecurity analysts cut through the noise and focus on critical issues that need to be remediated, informing their teams about major threats as soon as they are detected.

A well-run SOC can effectively protect healthcare systems from cyber threats and prevent downtime, which can put human lives on the line. Last year, the first ransomware-related death was reported after a cyberattack occurred on a German hospital. Health systems must continue to prioritize the security of their networks to avoid similar incidents, and an SOC should be a critical part of their overall security infrastructure.

Q. How does compliance automation work, and how is this an effective tool against ransomware?

A. Medical institutions need to have multiple levels of security measures in place to ensure their patients' data remains safe. The exposure of patient data through a breach can result in significant fines, lawsuits and loss of reputation for hospitals.

By implementing an automated compliance solution, hospitals can ensure they remain compliant with HIPAA and various other regulations without spending hours on manual documentation processes. These solutions use automatic data collection and automatic data validation to save time and ensure accuracy.

Compliance automation solutions can help hospitals better assess the gaps in their current policies, making it easier to adjust their processes to keep patient data secure and their systems safe from ransomware. Compliance automation solutions can also help hospitals comply with cyber insurance requirements, as cyber insurance providers require significant proof of due diligence in order to approve a payout after a cyberattack has occurred.

Robust automated compliance solutions provide healthcare organizations with more than a checklist. They provide suggestions for corrective action and help organizations stay up to date on the ever-evolving laws and regulatory requirements.

Q. Please describe identity and access management, and discuss its role in fighting ransomware.

A. With the rise of remote work, more employees are using personal devices to access work applications from home networks instead of through a more secure office network. Identity and access management is an aspect of IT security that focuses on managing user access to the data and systems within an organization. IAM is critical to a secure network, and many healthcare organizations are implementing IAM technologies as part of a larger move toward a zero-trust environment.

The implementation of IAM in hospitals allows IT teams to manage user rights in order to better understand who has access to what resources. Having more comprehensive knowledge of who has access to certain files keeps patients' data more secure and reduces the likelihood of the information getting into the wrong hands.

To prevent unauthorized users from accessing sensitive data, hospitals must implement robust IAM solutions that include features like multifactor authentication. MFA provides an extra layer of security by requiring users to provide additional verification factors, on top of a password, to gain access to a resource.

This makes it harder for cybercriminals to use compromised credentials to log in to hospital applications. The more hospitals stay on top of user access, the less likely that cybercriminals will infiltrate internal systems and cause threats to hospitals' security.

Twitter: @SiwickiHealthIT
Email the writer: bsiwicki@himss.org
Healthcare IT News is a HIMSS Media publication.
