The DoD warns healthcare to be ready for an imminent cyber attack.
Last year, several federal agencies, including the HHS and the FBI, issued a joint cybersecurity advisory, warning healthcare organizations against an increased and imminent cybercrime threat. The advisory warned of Russian criminal groups targeting hospitals with Ryuk ransomware. CyberMaxx also advised our customers to warn them of Maze ransomware targeting Cognizant.
“The threat of a ransomware attack on healthcare organizations has never been more real, and the sophistication of bad actors and their attacks have grown tremendously over the last year,” says Thomas Lewis, CEO of CyberMaxx. “What makes these cyberattacks so potent is their ability to go unnoticed weeks or even months before they execute encryption of the victim’s data files. This gives malicious actors insight into the most valuable resources and systems which they leverage as ransom.”
Don’t think it could happen to your organization or that you don’t need healthcare cybersecurity solutions? To date, our friends at CrowdStrike found that threat actors targeting enterprise environments with Ryuk have netted over $3 million dollars since it was introduced in August. We’ve pulled together best practices and steps you can take to better protect your network from ransomware. There is no solitary solution that will protect your network, however implementing a combination of the below steps will help keep exposure to a minimum.
Provide End-user Education on Identifying Phishing Attacks
Create monthly user education and reminders to help end-users better spot suspicious emails and documents before it’s too late. Additionally, set up parameters so that employees have to pick a strong password and change them frequently – quarterly or bi-annually.
Expert Tip: disable macros for documents received via email. Phishing emails commonly attach macro-infected word documents that deliver ransomware and hold networks hostage.
Employ a Layered Security Approach That Maps to the Cyber Kill Chain
According to SANS, ‘Kill chain’ is a term originally used by the military to define the steps an enemy uses to attack a target. Lockheed Martin released a paper officially defining a Cyber Kill Chain.
The ability to gain visibility and enforce policy at multiple points on the cyber kill chain is a must for enterprise organizations. Many organizations rely on protections only in a few locations (i.e. relying solely on perimeter protections) which is not a good practice. Ensuring you have sufficient network, endpoint, server, and application visibility and enforcement, both on-prem and in the cloud, is a must.
Next-Generation Endpoint Protection Solution
With endpoints being one of the most vulnerable aspects of your organization, you want to deploy a best-in-breed solution. Next-generation endpoint protection solutions like CrowdStrike Falcon give users access to machine learning capabilities that give you the capability to spot suspicious files and indicators of an attack faster than anything else on the market.
Managed end-point solutions offer a dedicated cybersecurity team with experts who monitor end-points, perform strategic analyses, and detect behavioral anomalies. At CyberMaxx we’ve partnered with CrowdStrike and SentinelOne to provide a dynamic end-point solution that alerts users to potential threats while simultaneously taking action to prevent any damage to the endpoints.
Reduce The Surface Area of Attack
- Employ a Patch Management Policy that encompasses devices and software in your network.
- Keep a log of when they were last patched and keep to a patching schedule.
- Employ GeoIP Filtering which can help block internet traffic from countries you don’t do business with to reduce exposure.
- Leverage a Least Privileges Model. Restrict users to only the permissions that they need for their job functions, as this can limit the spread of ransomware and lateral movement.
- Ensure you have a Backup and Recovery Plan. Follow the old but time-honored ‘3-2-1’ rule for system/data backups: At least three copies, on two devices, and one offsite. Test the restoration process often to easily recover from a ransomware incident quickly.
- Employ Multi-Factor Authentication. This can help neutralize credential harvesting, protect passwords, help alert you to potential attacks and reduce lateral movement.
Expert tip: A basic reoccurring calendar invite can help hold you and your team accountable to a strict schedule for patching.
Monitoring Capabilities to Identify Malicious Activity 24×7
Leverage industry-specific threat intelligence. Finding a cybersecurity company that has expertise in your field means that you will have access to the most up-to-date comprehensive data on new/active threats.
A managed solution is also highly recommended considering the dynamic scope of IT security. With a rapidly evolving technology and cyberthreat landscape, it’s crucial to have the most knowledgeable team available. Extending your team and security through a managed solution ensures you have optimal 24/7/365 protection.