However, Gibson counters, many healthcare organizations are still wary of placing sensitive patient data in the cloud. One alternative, he says, is to segment online backup onto a separate non-cloud system that uses a protocol the malware is not trying to use.
“A lot of ransomware is looking for network shares and directly accessible systems,” he says. “If you have a backup that’s using a different protocol, the malware might not be able to reach that.”
An ounce of prevention …
Healthcare organizations can also protect themselves by using advanced malware detectors that quickly tip off security personnel when an intrusion occurs. Older antivirus software, McMillan notes, searches for malware with known signatures, but the newer forms of malware, including ransomware, lack those signatures. So the advanced detector searches for anomalies rather than just signatures.
“It can segregate that attachment or email or other delivery mechanism and put it in a quarantined area where it can be inspected,” he notes. “Most advanced detectors will block the unknown piece of code at the perimeter and send it to the cloud for analysis. If it’s harmless, it’ll send it back and let it through.”
Gibson agrees that every organization should have a “gateway server that filters email and Internet traffic.” The only problem with opening up attachments in a safe area to search for malware is that, in some cases, the ransomware is not executed until it contacts the server that sent it. So it might sit there and do nothing until an organization allows it into its network.
To protect against ransomware and other kinds of malware, says Gibson, every healthcare organization should assess its security vulnerabilities. “It’s important to have a security risk assessment and instant response plan to combat these types of threats,” he says. “HIPAA requires a risk analysis, so many of these controls and defenses should already be in place. Then it’s just a matter of continuing your security risk assessments on a continuous basis to meet new threats and enhance your security controls.”