Prepare for Ransomware 2.0, Experts Warn Healthcare Industry
After the events of the WannaCry attack unfolded over the course of a nerve-racking—and for some, devastating—few days in May 2017, ransomware has been on the minds of cybersecurity experts across the globe. And in the wake of recent attacks, experts are warning that so far the healthcare industry has only dealt with “Ransomware 1.0”—and needs to be prepared for when “Ransomware 2.0” hits, according to an article in Healthcare IT News.
“While we have become all too familiar with ransomware in the healthcare sector, we have ignored other forms of malware,” said Rich Curtiss, managing consultant at Clearwater Compliance, former hospital CIO, and liaison for cybersecurity vulnerability projects with the National Cybersecurity Center of Excellence, in the Healthcare IT News article. This new threat could take the form of a combination between ransomware and a worm, two different types of malware. Such a threat, dubbed a “ransomworm,” would allow the ransomware payload to move through internal and external networks via unpatched vulnerabilities, according to the article.
The poorly protected Internet of Things and medical devices make a tempting target for such a threat. “Any new malware strains will impact the medical devices due to a protracted software update process that leaves vulnerabilities unpatched or uncorrected for extended periods of time,” Curtiss said.
Suggestions for healthcare CIOs and CISOs looking to prepare their defenses against Ransomware 2.0 include patching operating systems and applications in a timely manner and improving control over medical devices. Because biomedical teams are the ones in charge of medical devices, Curtiss proposed bringing this team under the authority of the CIO in order to “ensure appropriate security incident response and compensating controls are affected for devices at risk of exploitation,” according to the article.
“Patching, privileged credential protections, network segmentation, asset isolation and perimeter protections” are all good cybersecurity hygiene practices that will help providers keep their systems secure, said Kevin Magee, global security strategist at Gigamon, in the article. The article also recommends that providers have a plan tested and in place for what to do in the event of an attack, in order to “ensure overall readiness to deal with a widespread attack should one occur.”
Sarah Sheber is assistant editor/web editor at Journal of AHIMA.