By Shridar Subramanian
While cybercriminals promised to stop ransomware attacks on healthcare organizations during the pandemic, it never really happened.
According to Health IT Security, the U.S. healthcare sector was the most targeted globally in Q3 2020, with attacks doubling year-over-year. And the costs are measured in millions of dollars and increased risks to priceless patient privacy (and your reputation).
With cyber-attacks continuing to evolve and proliferate, healthcare providers need to look at how they can prevent their organization from suffering the damages that result from ransomware. The following are some ransomware prevention strategies that healthcare providers should consider to keep both company and patient data safe.
1. Filter inbound emails
Quest Imaging Solutions provides all major brands of surgical c-arms (new and refurbished) and carries a large inventory for purchase or rent. With over 20 years in the medical equipment business we can help you fulfill your equipment needs
There are lots of choices for email filtering solutions that can serve as your first line of defense. Healthcare providers should look for software or filtering services that proactively scan and block spam, virus, and other threats in real-time before they can wreak havoc. Some use artificial intelligence (AI) to keep up with new threats and adapt defenses, while others use a Bayesian filter to detect and block personalized spam emails. It’s also worth choosing a solution that is easy to manage via a web browser, with customizable settings.
2. Keep firmware up to date
Software patches are frequently driven by newly discovered vulnerabilities. Healthcare organizations need to establish a regular assessment plan to confirm that all their critical applications, databases, and servers run the latest firmware. And immediately patch any that aren’t.
3. Evaluate security systems and firewalls
With more and more remotely connected devices—including IoT devices that present new potential vulnerabilities—healthcare organizations need to ensure that their endpoint security systems and firewalls work as expected. They also need to make sure that these protections are sufficient to keep their data secure, compliant, and available at all times. For organizations with remote workers, it’s more important than ever that these users connect to your network via a secure virtual private network (VPN). Along the same lines, they need to ensure all patient records and patient processing systems are protected by encrypting all their data—both at rest and in transit.
4. Train people
Cybersecurity education should be a core element of an overall data protection strategy. Team members must be trained so they can spot suspicious emails, attachments, or SMS attacks. They need to be educated and tested on social engineering attacks to understand that they should never click on a link or download an attachment unless they are 100% sure it is from a known sender. And they should have a general understanding of best practices for protecting devices and data.