News Update: healthcare organizations are being hacked 24/7. Experiencing a ransomware attack can feel similar to having your home burglarized.
In many cases, targeted hacking is financially motivated: attackers hold data hostage until they are paid. Hackers target executives because they have broad access to secured information. With more user IDs and passwords available on the dark web today than ever before, being hacked has become significantly more likely than in the past.
We want to share a few common vulnerabilities we are seeing and what you can do to further secure your environment. Here are three things you can do if you are facing a ransomware attack:
Prevent Hacking and Ransomware
Training, Training, and more Training: Remind all workforce members about the dangers of email phishing. Even if your organization considers itself the Fort Knox of security, one wrong click from a staff member could result in a significant breach. Here are key ways to avoid falling victim to ransomware via email phishing:
- Be suspicious of emails and messages, especially if they urgently request personal information.
- Think before you click any links.
- Regularly update your computer, email and applications.
- Never share personal information online.
IT controls must be working properly TODAY:
- Enable logging on all your systems (databases, email, file servers, network firewalls, cloud services, etc.) and store those logs for at least 3 months.
- Enable Multi-Factor Authentication to make it even harder for a password to be guessed and an email account to be hacked.
Implement all HIGH-RISK remediation plans found in your most recent HIPAA Security Risk Analysis (SRA).
- HIPAA One tracks HIGH RISKS and provides instructions on what to do for anti-malware, firewall, web-content filtering, inactive users, and service accounts commonly used to access the network.
- Email reminders go out weekly to those assigned to remediate risks and update the SRA.
Conduct periodic Penetration Testing
Recover from Hacking and Ransomware (without paying any ransom)
- Make sure backups are occurring and stored offline, and test a restore procedure that simulates a complete lock-down of all your servers at least quarterly.
- Physically separate backup files from the servers and network to avoid having backups also encrypted by ransomware.
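The quarterly restore test above is only meaningful if the restored data is checked against what was backed up. The following shell script is an added example (not HIPAA One's code) of such a drill: it records a SHA-256 manifest of a directory, archives it, restores the archive into a clean location and verifies every file against the manifest. It assumes GNU sha256sum, tar and mktemp are available; the sample data is constructed for the drill.

```shell
#!/bin/sh
# Restore drill: back up a directory, restore it into a clean location and
# verify every file against a checksum manifest taken before the backup.
# Exit status 0 means the restore reproduced the data exactly.
# Assumed tools: tar, GNU sha256sum, mktemp.

# Back up directory $1 into archive $2 and write a sha256 manifest to $3.
take_backup() {
    src="$1"; archive="$2"; manifest="$3"
    ( cd "$src" && find . -type f | sort | xargs sha256sum ) > "$manifest" || return 1
    tar -C "$src" -cf "$archive" . || return 1
}

# Restore archive $1 into directory $2 and check it against manifest $3.
# Prints each missing or altered file; returns non-zero if any fails.
verify_restore() {
    archive="$1"; dest="$2"; manifest="$3"
    mkdir -p "$dest" || return 1
    tar -C "$dest" -xf "$archive" || return 1
    ( cd "$dest" && sha256sum --quiet -c "$manifest" )
}

# Full drill for directory $1: returns 0 only if the round trip
# preserves every file byte for byte.
restore_drill() {
    src="$1"
    work=$(mktemp -d) || return 1
    take_backup "$src" "$work/backup.tar" "$work/manifest.sha256" || return 1
    verify_restore "$work/backup.tar" "$work/restore" "$work/manifest.sha256"
    rc=$?
    rm -rf "$work"
    return $rc
}

# Constructed sample data to drill against (not real patient data).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/ehr"
    printf 'patient,visit\n1001,2021-03-01\n' > "$d/ehr/visits.csv"
    printf 'config=1\n' > "$d/app.conf"
    echo "$d"
}
```

Run `restore_drill /path/to/data` against a copy of real backup content; a non-zero exit, or any file name printed, means the backup would not have saved you.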
Know What to Do During a Hacking or Ransomware Attack
Have a plan in the event of a hacker-attack, ransomware attack or any other security incident:
- Here is an example of a procedure to follow should you have a security incident (Security Incident Response Plan workflow).
- Disconnect servers from the network; do not turn them off. Contact a forensics firm (HIPAA One does this). We will download the memory of the servers and see if we can locate the decryption key and save the day (it happens!).
If security is not top of mind for all organizations, it should be. Taking no action given enough time will guarantee your organization will experience a hacking incident.
Questions? Comments? Please contact us to get secure and compliant today. Also, feel free to post your ransomware or hacking experiences below!