How to Defend Your Network Against Ransomware

Think like a detective. A loved one is in the hospital and (Most Healthcare Practices). You are visiting and the normal daily processes are continuing about like nothing is wrong. A conversation between two nurses catches your ear. They mention briefly about some information being held for ransom and no one can access their computers. The gears in your brain begin to click. You remember reading something online about this virus, but what was it called? Ransomware, which is when hackers take down an entire hospital system with a software that blocks access to a computer or network and holding patient electronic health records hostage until they receive payment.

How to Defend Your Network Against the Ransomware VirusYou are not alone in this mission. In the past year, over 4,000 ransomware attacks per day have occurred. IT Healthcare used to be safe from these attacks, until now. Due to the information stored in networks of healthcare facilities the hackers are going after Healthcare Networks more than any other compeer networks, it is about 80% of attacks are targeted against Healthcare. IT teams for hospitals are now working on their defense systems to prevent such attacks. Prevention strategies include having the proper firewalls, application visibility, web content filtering, IDS/IPS, anti-virus (malware scans), role-based access control, and having a security strategy based on education is key in order to ensure the preparedness of your hospital’s network during ransomware attacks.

It seems like this hospital were prepared for such an attack. When you read an online blog post about ransomware, they discussed a plan of action for immediate attacks that side blinded the hospitals IT team. Now what did that article suggest doing?

During a malware attack, think clearly and follow these immediate actions.

6 Immediate Actions during an Attack

  1. Classify the infected systems in your network, remove them and place them offline.
  2. Do a complete wipe and restore within the infected systems using reliable backups.
  3. To ensure information is saved, run a backup of all of your network’s data
  4. Limit your end users from being able to access and open any suspected malware until you are certain that the threat is recovered.
  5. Be cautious and assume that all attachments could be potential threats.
  6. Make sure to run the latest updates of your systems, including the latest patches.

Once the ransomware attack has been recovered, take immediate action to prevent such attacks from happening again by implementing the next steps.

5 Post Attack Actions

  1. Bring up to date your best practices and implement an end-user security education program.
  2. Create a specific team whose main tasks are security monitoring and educating your end-users.
  3. Put in place an emergency response system that has the ability to shut down your network.
  4. Consider implementing some level of managed services to bolster your current IT team to ensure you have the visibility and control you need.
  5. Check if you Medical Billing is accurate (unless you are using an outside Medical Billing Service)
  6. Do a marketing damage control. Medical practice marketing.

Collaborate with experienced wireless service providers to perform a security assessment of your entire network system, to evaluate your preparedness to industry standard benchmarks