Ransomware accounts for over 85 percent of malware attacks in health care. What advice would you give to professionals in the industry to protect themselves from a ransomware attack?

The vast majority of ransomware attacks are untargeted attacks distributed through various attack vectors over the internet. These attacks aim to infect internet-facing computers and consequently to spread throughout the network. My advice would be to protect the internet-facing nodes with firewalls and IPS/IDS, which are effective safeguards. Additionally, I would make sure that the organization has an effective patching process in place, which mitigates most vulnerabilities. Patching is not an available practice when it comes to some types of network assets (such as medical devices), which require specialized security controls.

Many of these attacks go undetected for quite some time. What are some of the biggest signs that an attack may be taking place?

One of the biggest challenges in cybersecurity is detecting an attack as quickly as possible. This could be the difference between a massive breach causing severe damage and a small-scale incident. The biggest sign that an attack is taking place is usually a combination of several security-related events occurring in close proximity. The security events could be internal network assets communicating with an unexplained external IP, an internal network node trying to communicate with a restricted internal network node, multiple failed attempts to enter a password, etc.

In health care, the danger of an attack going undetected is greater than in other industries, since medical assets are “invisible” in the network because they use dedicated protocols and are difficult to fingerprint. This increases the chance of attacks traversing the clinical network going unnoticed.

Employee negligence was found to be one of the root causes of cybersecurity attacks in health care. Are there any ways that health care employees can ensure that they are being secure online?

Similar to other industries, health care requires constant usage of the internet for day-to-day activities such as reading academic materials, email correspondence, etc. The difference is that in health care, this puts at risk not only the internet-facing computer but also critical clinical assets containing PHI and providing patient care.

There is no way to entirely ensure online safety (other than not going online at all, which is unacceptable in this day and age). However, organizational processes such as cyber awareness training and anti-spam tools can be effective.

Ultimately, if cybersecurity measures are not taken seriously, what do health care businesses, hospitals and patients stand to lose in a ransomware attack?

Health care organizations are charged with safeguarding patient data and providing safe patient care. A successful ransomware attack could potentially paralyze medical devices, thus disrupting hospital activities and putting patients at risk. This is exactly the reason why cybersecurity in health care is so important and should be considered an organizational priority.