Health care organizations are constantly challenged to invest adequate resources in IT technology and services. This inside account of a ransomware attack (CryptoWall) and one organization’s response to it sheds some light on the importance of implementing preventative and mitigation strategies that can help you develop proper response plans when your organization experiences a security incident, such as a ransomware attack.
Earlier this year, we blogged about another flavor of ransomware, CryptoLocker, which its creators have used to extort an estimated $30 million in ransom money from businesses that paid to regain access to their own files. (Read our earlier post here.) In that post, Eagle recommended that health care organizations take both proactive and reactive steps to protect against ransomware like CryptoLocker, which has the potential to spread quickly and result in widespread data loss.
This inside account, shared recently in the SpiceWorks Community, is written from the perspective of the system administrator who discovered a ransomware attack in the works and led the response effort at his organization. This account is technical in nature and gives insight into the type of response capability that healthcare organizations need.
Because of the rapid response, as well as his organization’s robust backup and data recovery capability, this organization was able to recover from the attack with limited damage and minimal data loss and downtime.
Here are the key takeaways from this recent firsthand CryptoWall account:
- Enact preventative measures to reduce your risk
  - Most malware now comes from malicious downloads from the web. Web filtering software can work hand in hand with your acceptable use policy to control what content can be accessed. Also, specific sites known to create vulnerabilities can be white-listed to protect users from accidentally falling victim to malware.
  - Malware is still spread via email. Spam controls should be enabled in your email program. In addition, security awareness training for your staff can cut down on the likelihood of an attack by educating users on how to avoid clicking on links that could download malware.
- Plan and implement mitigation strategies
  - Always have multiple generations of your server backup, in appropriate increments (in the case above, where the organization relied heavily upon its computer system, an automatic backup was done every 2 hours).
  - Keep your backup files isolated and accessible only using high privilege credentials.
- Develop and test response strategies
  - Make sure your IT team has the ability to rapidly respond to contain incidents. As this case study shows, it is important to: 1) quickly recognize that an incident has occurred, and 2) craft the response plan.
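
The two mitigation points above (multiple backup generations at a regular increment, and backup files reachable only with high privilege credentials) can be checked automatically. The following Python sketch is an added example, not code from the SpiceWorks account or from Eagle. It assumes a POSIX file system with one file per backup generation in a single directory; the function name `audit_backups` and the minimum of three generations are assumptions, while the 2-hour increment is the one cited in the case.

```python
import stat
import sys
import time
from pathlib import Path

MAX_GAP_SECONDS = 2 * 60 * 60  # the 2-hour backup increment cited in the post
MIN_GENERATIONS = 3            # assumption: what counts as "multiple generations"


def audit_backups(backup_dir, now=None, max_gap=MAX_GAP_SECONDS,
                  min_generations=MIN_GENERATIONS):
    """Return a list of findings; an empty list means every check passed."""
    now = time.time() if now is None else now
    root = Path(backup_dir)
    findings = []

    # Isolation: any group/other permission bit means an ordinary (possibly
    # infected) account may be able to read or overwrite the backup set.
    for path in [root, *sorted(root.iterdir())]:
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{path.name}: mode {mode:03o} grants group/other access")

    # Generations: enough restore points to roll back past the infection time.
    files = sorted((p for p in root.iterdir() if p.is_file()),
                   key=lambda p: p.stat().st_mtime)
    if len(files) < min_generations:
        findings.append(f"only {len(files)} generation(s), need {min_generations}")

    # Cadence: no gap between consecutive generations, or between the newest
    # generation and the present, may exceed the backup increment.
    stamps = [p.stat().st_mtime for p in files] + [now]
    for older, newer in zip(stamps, stamps[1:]):
        if newer - older > max_gap:
            findings.append(f"gap of {(newer - older) / 3600:.1f} h exceeds "
                            f"{max_gap / 3600:.0f} h increment")
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for finding in audit_backups(target):
        print("FINDING:", finding)
```

Run on a schedule from an account separate from the one that writes the backups, any finding signals that the backup set is stale, too shallow, or exposed before an incident makes that visible.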
Healthcare organizations are well advised to learn from the experience of others and be aware that these situations could happen to you. Certain investments, like measures to prevent and respond to ransomware attacks, are a necessary cost of doing business these days.
Regarding security incidents, the question is not “whether” they will occur but “when.” If organizations are armed with the capability to respond quickly, and have taken appropriate preventative measures, especially a robust backup and recovery capability, both damages and system downtime can be minimized when the inevitable incident occurs.