By Shridar Subramanian
Although cybercriminals promised to stop ransomware attacks on healthcare organizations during the pandemic, the attacks never really stopped.
According to Health IT Security, the U.S. healthcare sector was the most targeted globally in Q3 2020, with attacks doubling year-over-year. The costs are measured in millions of dollars, along with increased risks to priceless patient privacy (and your reputation).
With cyber-attacks continuing to evolve and proliferate, healthcare providers need to look at how they can prevent their organization from suffering the damages that result from ransomware. The following are some ransomware prevention strategies that healthcare providers should consider to keep both company and patient data safe.
1. Filter inbound emails
There are many email filtering solutions that can serve as your first line of defense. Healthcare providers should look for software or filtering services that proactively scan and block spam, viruses, and other threats in real time before they can wreak havoc. Some use artificial intelligence (AI) to keep up with new threats and adapt defenses, while others use a Bayesian filter to detect and block personalized spam emails. It’s also worth choosing a solution that is easy to manage via a web browser, with customizable settings.
2. Keep firmware up to date
Software patches are frequently driven by newly discovered vulnerabilities. Healthcare organizations need to establish a regular assessment plan to confirm that all their critical applications, databases, and servers run the latest firmware, and immediately patch any that don’t.
3. Evaluate security systems and firewalls
With more and more remotely connected devices—including IoT devices that present new potential vulnerabilities—healthcare organizations need to ensure that their endpoint security systems and firewalls work as expected. They also need to make sure that these protections are sufficient to keep their data secure, compliant, and available at all times. For organizations with remote workers, it’s more important than ever that these users connect to your network via a secure virtual private network (VPN). Along the same lines, they need to ensure all patient records and patient processing systems are protected by encrypting all their data—both at rest and in transit.
4. Train people
Cybersecurity education should be a core element of an overall data protection strategy. Team members must be trained so they can spot suspicious emails, attachments, or SMS attacks. They need to be educated and tested on social engineering attacks to understand that they should never click on a link or download an attachment unless they are 100% sure it is from a known sender. And they should have a general understanding of best practices for protecting devices and data.