Health Tech

Federal Agencies Release New Guidelines to Help Providers Fend Off Ransomware

A group of federal agencies recently released an updated set of guidelines to help healthcare organizations protect themselves from ransomware attacks and the data breaches that often follow. The guidance lays out best practices to prevent the six major ways that bad actors gain access to providers’ systems, which include compromised credentials and phishing.

A group of federal agencies recently released an updated set of guidelines to help healthcare organizations protect themselves from ransomware attacks and the data breaches that often follow.

The guide was authored by the Federal Bureau of Investigation, National Security Agency, Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center. The organizations’ recommendations were grouped by the following six ways that bad actors gain access to providers’ systems.

Sponsored Post

Physician Targeting Using Real-time Data: How PurpleLab’s Alerts Can Help

By leveraging real-time data that offers unprecedented insights into physician behavior and patient outcomes, companies can gain a competitive advantage with prescribers. PurpleLab®, a healthcare analytics platform with one of the largest medical and pharmaceutical claims databases in the United States, recently announced the launch of Alerts which translates complex information into actionable insights, empowering companies to identify the right physicians to target, determine the most effective marketing strategies and ultimately improve patient care.

Access vector #1: Internet-facing vulnerabilities and misconfigurations

To avert attacks originating from this access vector, the guide instructs healthcare organizations to conduct regular vulnerability scanning to limit their attack surface. Many vulnerability scanning services, like the one offered by the Cybersecurity and Infrastructure Security Agency, are free to use.

Providers should also limit the use of remote desktop services and ensure that they are regularly patching and updating their software and IT systems to the latest available versions. In addition, healthcare businesses must guarantee that all devices — whether they are on-premise, cloud-based, mobile or personal — have security features enabled. 

Access vector #2: Compromised credentials

There are a few actions providers can take to prevent ransomware attacks that stem from compromised credentials. Most of these recommendations have to do with usernames and passwords, such as instating policies that require unique passwords of at least 15 characters, disabling browsers’ capabilities to save passwords and enforcing account lockout policies after a certain number of failed login attempts.

The guidelines also advises providers to use identity and access management systems, as well as consider subscribing to monitoring services that search the dark web for compromised credentials.

Access vector #3: Phishing

One of the best ways to prevent against phishing attacks is to mandate a user awareness and training program for employees, according to the guide. 

Healthcare businesses can also take some action within their email server — such as ensuring that external emails are flagged and filters are in place to delete emails with known malicious subject lines or file types that commonly contain malware.

Access vector #4: Precursor malware infection

To prevent precursor malware infection, healthcare organizations should use cybersecurity products that block unauthorized software and deploy these on all of their assets. These products include allowlisting and/or endpoint detection and response solutions, according to the guide. Providers must also activate automatic updates for their antivirus and anti-malware software and signatures.

For further protection, providers can also deploy an intrusion detection system to find command and control activity and other potentially malicious network activity.

Access vector #5: Advanced forms of social engineering

Some advanced forms of social engineering include search engine optimization poisoning, advertisements that coax users into visiting websites that will steal their data, and seemingly legitimate websites tricking users into unintentionally downloading malicious code.

Employees’ cybersecurity awareness training is a huge part of preventing data breaches that stem from advanced forms of social engineering. The guide also gives a couple other suggestions for healthcare businesses to take note of: using a protective domain name system that is meant to block malicious internet activity at the source and implementing sandboxed browsers to protect against malware that comes from web browsing.

Access vector #6: Third parties and managed service providers

The first step healthcare organizations can take to address this access vector is to review the cybersecurity practices of the third parties or managed service providers with which they partner. If a third party or managed service provider is responsible for maintaining and securing a provider’s backups, the provider must ensure this company is adhering to best practices.

Additionally, healthcare businesses should create policies letting third parties and managed service providers know that they only have access to devices and servers that are relevant to their role and responsibilities.

Photo: Traitov, Getty Images