But relying on bitcoin — and acceding to blackmail — is hardly a long-term solution to the threat of ransomware. Willingness to pay perpetuates a corrupt and dangerous system. In Mr Frantz’s opinion, the key to fending off ransomware is, instead, building in many layers of protection for each system. Hospitals must ensure adequate employee training, which starts with teaching the entire staff to recognize and avoid phishing attacks. But even a highly trained team is never going to be impenetrable.
So, of necessity, there are a number of second-line defenses every hospital or medical system should employ. Antimalware — some level of protection against ransomware using antivirus software — is important. So is the use of more complex passwords.
General security testing provides another level of protection. “Penetration testing — hiring people to try to break into the system — shows how ransomware can spread easily [through a particular system] and [identifies] where to close loopholes,” says Mr Frantz. Network monitoring represents yet another level of protection. This involves developing ways to block attacks from spreading laterally within a system. With network monitoring, hospitals can learn quickly if there is a systems breach. “You’ll never be able to stop all attacks. But you need enough insight and enough capability to respond in a timely manner,” says Mr Frantz.
In the event of a ransomware attack on a medical institution or office, regularly scheduled back-up and remote storage of medical records can help to mitigate damage. Even if a hospital is temporarily shut down, records that document recent patient care and hospital scheduling can help quickly restart the system. Mr Neiditz warns that as back-up systems have to connect to a network, they also can be contaminated. Mr Frantz notes, however, that such a scenario is unlikely to occur if the back-ups are kept offline and stored in a safe remote location.
No strategy protects hospital systems completely from ransomware attacks, says Mr Frantz. “There’s no magic solution against this line of attack. But if you do your due diligence, follow best practices, and don’t be negligent, you’ll be in a lot better shape.”