NuHarbor Security Blog
October 23, 2020

Securing Healthcare from Ransomware Attacks

Justin Fimlaid

October is National Cyber Security Awareness Month, and one of the main themes for 2020 is Securing Internet-Connected Devices in Healthcare. Securing IT devices in healthcare is critical, as any system downtime can lead to deaths and degraded response to emergencies. One of the biggest cyber threats to healthcare organizations in recent years is ransomware, which can cause system-wide IT outages and take out internet-connected medical devices like CAT scanners and X-ray machines that are critical for diagnosing patients, as well as the servers that hold medical records. Securing against ransomware is one of the most important aspects of cyber security for healthcare providers.


What is Ransomware?

Ransomware is a type of attack designed to infect and encrypt computer systems to hold them “ransom” until a payment is made. Once the ransom is paid, the ransomware operators will sometimes (but not always) provide a working decryption key to regain access to the system. These ransomware attacks can effectively shut down entire organizations until the systems can be decrypted, and often ransomware operators will take the ransomware payments and run, leaving organizations with unusable encrypted systems. Ransomware attacks are becoming increasingly sophisticated and will often utilize other malware like Emotet for the initial compromise and TrickBot to locate and deploy ransomware to critical systems.

Ransomware and Healthcare

The healthcare sector is especially susceptible to ransomware attacks because organizations cannot allow system downtime due to the risk of patient death, and they have a higher rate of paying ransoms than other sectors. Some ransomware operators have stated that they will avoid attacking healthcare organizations in 2020 due to the COVID-19 crisis, but ransomware campaigns against healthcare targets continue to occur. The first documented case of a patient dying from a ransomware attack occurred in September 2020 in Germany, and in the same month Universal Health Services had a large portion of their network taken offline by a ransomware attack in one of the largest recorded attacks on a US healthcare network. Protecting healthcare IT environments from ransomware attacks is critical to ensuring patient safety and maintaining availability of essential services in healthcare facilities.

Protecting Healthcare Infrastructure from Ransomware Attacks

Mitigate Phishing Attacks

Phishing, the sending of fraudulent emails to execute malware or steal personal information, is the most common attack vector used in ransomware attacks. Training employees to never open links or files from untrusted sources and to identify and report phishing emails is a great first step to mitigating phishing attacks. Additionally, employing email scanning and filtering is an effective way to block phishing emails before they can get to an employee’s inbox. Deploying an endpoint security solution is a good way to identify and quarantine malware dropped by a phishing email before it can spread to other machines on a network.

Employ Robust Network Segmentation

Flat networks let ransomware operators move laterally quickly and with little to stop them, so a robustly segmented network is crucial to containing a breach and inhibiting movement. Keep zero trust in mind when implementing access control between network segments so that each connection is granted only the least privilege it needs. Segmented networks can dramatically decrease the scope of a ransomware breach and can protect critical systems such as networked medical devices and medical records from attack.
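One way to check inter-segment access rules against least privilege, shown as an added example that is not from the original article. The segment names, address ranges, and rules are all constructed for illustration; a real audit would load them from the firewall's exported rule set.

```python
import ipaddress

# Constructed segment map (hypothetical addressing, not from the article).
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "medical_devices": ipaddress.ip_network("10.20.0.0/24"),
    "records_servers": ipaddress.ip_network("10.30.0.0/24"),
}
CRITICAL = {"medical_devices", "records_servers"}

# Constructed allow rules: (name, source CIDR, destination CIDR, port).
RULES = [
    ("pacs-viewer", "10.10.5.0/24", "10.30.0.10/32", 443),
    ("legacy-any", "10.0.0.0/8", "10.20.0.0/24", "any"),
    ("imaging-to-records", "10.20.0.15/32", "10.30.0.10/32", 104),
    ("helpdesk-rdp", "10.10.0.0/16", "10.20.0.0/24", 3389),
]


def segments_touched(cidr):
    """Return the names of all segments that overlap the given CIDR."""
    net = ipaddress.ip_network(cidr)
    return {name for name, seg in SEGMENTS.items() if net.overlaps(seg)}


def audit(rules):
    """Flag allow rules into critical segments that exceed least privilege."""
    findings = []
    for name, src, dst, port in rules:
        targets = segments_touched(dst) & CRITICAL
        if not targets:
            continue  # rule does not reach a critical segment
        src_net = ipaddress.ip_network(src)
        reasons = []
        if port == "any":
            reasons.append("all ports allowed")
        if len(segments_touched(src)) > 1:
            reasons.append("source spans multiple segments")
        elif any(seg.subnet_of(src_net) for seg in SEGMENTS.values()):
            reasons.append("source is an entire segment")
        if reasons:
            findings.append((name, sorted(targets), reasons))
    return findings


if __name__ == "__main__":
    for name, targets, reasons in audit(RULES):
        print(f"{name}: reaches {', '.join(targets)} ({'; '.join(reasons)})")
```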

Monitor Environment for Threats

Utilizing a Security Operations Center (SOC) is a great way to detect ransomware attacks before they can spread and deploy encryption to targets. Threat detection solutions such as SOCs can monitor a network and identify a malware campaign in real time, allowing for quick and decisive remediation before a ransomware attack can propagate and encrypt systems. SOC teams can augment traditional security controls and catch events that slip through the cracks of a firewall or automated IDS solution.

Implement Secure Backups

In the event of a ransomware attack, being able to quickly restore data from backups is critical to responding to an attack and getting systems back up. Restoring from backups is often the quickest (and cheapest) way to recover from a ransomware attack and allows an organization to completely bypass interacting with ransomware operators to get systems back online. Ransomware operators have recently been seeking out local backups to encrypt along with the original targets to knock out the ability to restore from backups, so backups should be stored off-site and adequately isolated. Test the backup and recovery process regularly to ensure that there will be a smooth recovery if an attack occurs. Backups are not useful if you are unable to recover data from them!

Conclusion

Protecting against ransomware is critical for any healthcare provider. Making sure that phishing attacks are mitigated, internal networks are robustly segmented, the environment is adequately monitored for threats, and backups are secured and ready to go are some of the best things you can do to prevent and mitigate ransomware attacks and protect patients. Looking for a risk assessment, a penetration test, or just want some advice? As your end-to-end security provider, NuHarbor is here to help!


Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.
