Are You Protecting Yourself Against Ransomware?

November 14, 2023

The rise of digital health care has had its benefits over the years, bringing hospitals and other medical facilities into the modern age. We are far from the days of sending faxes from one wing of the hospital to the other and hoping someone happens to be standing by the machine.

This digital wave has had clear benefits, but we also know it has led to other security issues that we must prepare for. Just last week, the federal government provided an advisory about another emerging digital threat that recently targeted a medical scanning and radiology company that services health care organizations around the country.

Notably, the Office of Information Security and the Health Sector Coordination Center warned about the emergence of the BlackSuit group and strain, which uses a “a double extortion method that steals and encrypts sensitive data on a compromised network.”

We know ransomware is always lurking. Beyond the damage to patient care and services, these attacks come with steep costs. A recent report indicated health care data breaches are the most expensive by sector, costing $10.1 million on average.

“The value of (health and public health) data, in particular, signals that the health care industry will remain a viable target to this threat actor,” the BlackSuit alert noted last week.

If you’re worried about the rise of ransomware and data breaches, your best defense is to stay prepared. The cybersecurity advisory released last week recommended an array of best practices. Here are some key questions your team should consider:

• Do you have an inventory of your assets and data?
• When was your last audit of event and incident logs?
• Who has administrative privileges and how is access granted?
• Who is monitoring your network ports, protocols, and services?
• Are your software systems up to date?
• Have you whitelisted approved software applications?
• Have you enabled multi-factor authentication?

These are just a few of the questions for your team to consider. We know that our cybersecurity preparation never ends, and our only option is to always be ready. If you’re interested in learning more, the Cybersecurity and Infrastructure Security Agency has a guide to help health care organizations prepare and respond to these attacks.

For more information about cybersecurity in health care, contact me or HAP’s Emergency Management team for more information.