Ransomware prompts hospital boards to invest more money in cybersecurity
Ransomware has plagued healthcare provider organizations for quite some time. The onset of COVID-19, in fact, has brought even more attacks.
Steve Smerz is Information Security Manager at Halo Health, a provider of a clinical collaboration platform that includes secure messaging, video, voice, alarms and alerts designed to make it easy for clinicians to connect.
He says he sees a willingness from hospital and healthcare system boards to increase resources for cybersecurity teams as ransomware continues to nail healthcare organizations in the second half of 2021.
According to Smerz, hospitals are ideal targets for ransomware threat actors. They have large amounts of data that can be encrypted, which impacts the running capacity of hospitals; dollars in the bank to pay ransom; and a board that is not as tech savvy as those in other industries.
Smerz sat down with IT health news to talk about how hospital boards are taking a new look at cybersecurity, how hospitals are adapting to ransomware attacks, and the priorities for CISOs when faced with ransomware.
Q. Where do you see hospital boards increasing the priority given to cybersecurity and spending dollars in the cause of security?
A. Most IT managers will argue that security has long been a priority. This has been a fundamental priority. And yet, the threat level has evolved, as have the methods used by attackers – and their sophistication. It’s up to the IT managers and the healthcare systems they support to keep pace, which is of course a challenge even under the best of circumstances. Safety is a risk that no one is prepared to take.
These decisions and the associated investments of seven or more digits become matters at the board level. This is why we have seen cybersecurity technology develop at such a rapid rate – there are so many needs and opportunities for solutions.
In addition, modern healthcare systems rely more than ever on interoperable technologies. So with a recording system like an EHR – a data capture system that serves as a hub – dependent systems can be affected. All of this creates challenges for health systems.
Q. Why do ransomware threat groups continue to attack hospitals?
A. There are three main factors involved in becoming a ransomware target: typically money, a critical use case, and an access point. And health systems have all three. First, the money: Hackers target organizations such as healthcare systems that have or are perceived to have enough funds to pay a ransom.
Then a critical use case: Protecting the health and well-being of patients is a built-in critical use case, which creates pressure to react quickly to the attack. Frankly, they’re looking for an urgent / emerging environment that relies on information to make decisions. Accessing information when a patient codes or has an anaphylactic reaction, or in the operating room, are all pressing issues – and if clinicians are unable to access the original recording system, this is very problematic.
And an access point: the attacker needs an opening to enter the organization’s network. Many healthcare facilities use on-premises networks, which can become vulnerable to attack as they age. And health systems are remarkable examples of people working together, quickly, in busy and sometimes difficult scenarios.
This is in addition to a chance for a staff member to click on an email that looks real or fall into the trap of sophisticated phishing efforts. The result is that every hospital or healthcare system is potentially at risk of a ransomware attack. No one should assume that this will not happen to us.
Q. How are hospitals adjusting to being affected by these attacks to continue care despite blocked EHRs?
A. First, hospitals and healthcare systems should implement a layered ‘safety in depth’ approach.
Today’s ransomware attacks also illustrate the need for redundancy that allows organizations to keep operating while recovering from the threat.
Communication is fundamental and when the internal network is compromised, alternatives are needed. This is where a separate communication layer is beneficial. Cloud-based clinical collaboration platforms provide a secondary communication channel outside of the core EHR infrastructure, allowing teams to continue providing patient care.
To click on a deeper level, hospitals and healthcare systems often use on-premises servers or private cloud infrastructure to support EHR. However, clinical collaboration platforms operate on an infrastructure separate from the EHR, often with their own security paradigm based on an external secure cloud platform, which uses geographically dispersed data centers to provide data security and support high availability for maximum availability.
In a BYOD policy organization, healthcare team members use their own private devices, which is an additional point of differentiation from the main hospital network. These devices can continue to communicate by operating on cellular networks when Wi-Fi networks are not available.
Either way, whether the organization relies on shared devices, BYOD, or other mobile device policies, a clinical collaboration platform allows team members to continue to communicate in real time to provide and act on critical information, such as stroke and sepsis alerts.
Q. What should be the top priorities for CISOs in healthcare provider organizations when dealing with ransomware?
A. While there are many priorities, the continuous area of exposure that changes shift, new hire by new hire, is people.
One of the biggest vulnerabilities in systems and hospitals is with the workforce, as most successful ransomware attacks start with people. Thus, education and training, exposure to social engineering and phishing methods are at the heart of any ongoing protection program. We need to help our people keep up as the methods of attack evolve.