Ransomeware is a huge risk for healthcare organizations, especially after a Los Angeles-based hospital paid $17,000 to retrieve their information back from hackers earlier this year.
Here are 10 ways to reduce ransomeware risk based on a Health Data Management report:
1. Educate the workforce about the consequences of their actions, including clicking an imbedded link that will send fake phishing emails.
2. Ban personal email and website surfing on company devices and instead have employees connect to the internet on personal smartphones or tablets for personal use on a "guest" wireless network.
3. Back up data with a longer retention schedule; retain at least two months worth of full disc pickups and make sure workers put data on a network drive instead of a local hard drive.
4. Develop incident response procedures to address the most common attacks.
5. Filter internet traffic closely, especially from abroad and quarantine or block messages from newly-created domains, as most attackers use domains less than 72 hours old to launch the phishing emails.
6. Review and update access rights on the network drives.
7. Continue to update next-generation anti-malware with new tools that can block more sophisticated threats.
8. Implement Advanced Persistent Threat tools and processes to prevent future harm.
9. Make improvements to the Intrusion Prevention Systems to block the computer numeric control system communication and prevent harm.
10. Maintain software patches for operating systems and applications for vulnerable versions of PDF viewers and flash players.