Ransomware, the act of holding an individual or organization’s data hostage, has been a concern in the corporate and political spheres for more than half a decade. But a number of industries have only recently come to discover the threat that such an attack can pose on operations.
Hospitals and other healthcare providers were recent victims as the WannaCry worm attack in May 2017 hit these organizations hard. Outdated systems and vulnerable machines like ventilators or MRI scanners left hospitals in England and Scotland open to devastating cyberattacks.
I have a lot of empathy for our customers in the healthcare market and the challenges they face. For about half of our customers at Zix, patient care is their core mission. Hospitals have enough mandates and agendas to manage already. As a result, costs and complexity involved in cybersecurity creates a heavy burden.
The bad news is that healthcare providers must be more aware of their vulnerability than ever before. The good news is that there are simple, cost-effective steps they can take to keep that vulnerability at bay.
Preparing for the Future
Thankfully, WannaCry’s immediate impact was fairly minor. But because ransomware attacks are now facilitated by nation-state actors, sophisticated criminal organizations, and untraceable cryptocurrencies, we can expect the frequency and severity of these attacks to only accelerate in coming years.
Even as they do, hackers realize that the exploits of the past are still just as effective today. Many of these attacks can be prevented through informed hospital staff members who know how to identify and avoid suspicious emails, but some bots could still get through.
Given the nature of hospital IT infrastructure, a large number of machines in hospitals are highly vulnerable to attack. Considering how urgent the response to something like a hacked MRI must be, medical devices will likely be enticing targets for future hackers.
Rather than waiting for the unthinkable to become unavoidable, healthcare providers can begin implementing updated cybersecurity strategies designed specifically with evolving threats in mind:
• Embrace the Cloud.
The cloud extends sophisticated security features to a larger number of users while lowering the overall cost for budget-conscious organizations like hospitals. Increasingly, only the cloud will provide the scale and flexibility that dynamic cybersecurity requires.
• Practice Good Governance.
A systematic approach to cybersecurity often yields better results than an expensive or untested approach. Focus first on protecting your most valuable assets, systems, and data. Basic inventory and patching will make a significant difference in lowering your vulnerability, and with routine backups and archiving, even infected hospitals can minimize the damage of a cyberattack.
• Phase Out Older Systems.
Older IT was likely not designed with security in mind. And even if an effort was made, many systems still in use are not being supported by the original provider. Until these older systems are phased out, entire IT infrastructures could be subject to massive vulnerabilities.
• Prioritize Email Security.
While attacks increase in sophistication, email continues to be the easiest opening into a network. An email security gateway — one that relies on a multi-layered approach and takes each email’s content into account — adds a lot to a hospital’s overall level of protection. Plus, it helps to compensate for any user errors that are harder to confidently eliminate.
Unfortunately, ransomware and other email-based attacks aren’t going away anytime soon, because hackers have found a way to make money from them. In all likelihood, the next major offensive is already in the works. Rather than waiting and worrying, healthcare providers can take steps now to prepare their cybersecurity and safeguard the health of every patient.
Zix has provided enhanced email security from a cloud-based platform for more than 15 years. More than 1,200 U.S. hospitals and 30 percent of Blue Cross Blue Shield organizations trust our solutions. With the addition of ZixProtect
, our advanced threat protection service for inbound email, and ZixArchive
, our cloud-based email retention service, we can easily extend our solution capabilities to better protect one of the most vulnerable tools in hospital’s network: email.