Tips to Prevent Healthcare Ransomware Threats

PROACTIVE STEPS TO COMBAT A RISING THREAT

Over the past few weeks, the government and malware protection companies such as Symantec have been alerting everyone to a large ransomware/malware attack focused on the healthcare industry. It is mainly aimed at hospitals, but the alerts include companies that support them as well. Ransomware primarily spreads due to failures in technical vulnerability management, poor information security baselines, and an organizational lack of information and security awareness.

One of the keys to successfully preventing a malware attack is maintaining executive-level visibility of the threat landscape on a continuous basis through industry-standard threat reporting sources such as the US Computer Emergency Response Team (US-CERT). When a critical threat is discovered, organizational technology leadership immediately shifts its primary focus and priorities to identifying the attack vector, the indicators of compromise, and the points where an attack can be stopped within the cyber kill chain. It takes a proactive approach to prevent malware from infecting other machines and to minimize the likelihood of spread.

A secondary measure is to engage a third-party vendor to perform monthly vulnerability checks on your datacenter environments. All systems are monitored for file integrity to validate that the operating system and software files have not been modified. This provides additional assurance that an information technology system remains up to date, protected, and monitored in accordance with industry best practices.

A security configuration baseline, developed in alignment with best practices from HIPAA and PCI DSS, is yet another method. Any deviations from this baseline should be approved and documented by your information security team. Changes in the infrastructure should be monitored through an intrusion detection system. This tool tracks any changes and relates them to an approved change control.
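The baseline-and-change-control idea described above, as an added example that is not part of the original article: it hashes a directory, compares it with a later snapshot, and marks each deviation approved only when a change ticket records the resulting digest. The ticket id `CHG-0001`, the file names, and the function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def reconcile(baseline, current, approved):
    """Classify each deviation from the baseline as approved or UNAPPROVED.

    approved maps path -> (ticket_id, expected_sha256); an expected digest of
    None means the ticket authorises removing the file.
    """
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "modified"
        ticket, expected = approved.get(path, (None, None))
        # A ticket covers the change only if the resulting content matches it.
        status = "approved" if ticket and expected == new else "UNAPPROVED"
        findings.append((path, kind, status, ticket))
    return findings


def demo():
    """Constructed sample: one ticketed config change, two changes with no ticket."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("app.conf", b"tls=1.2\n"), ("agent.bin", b"v1"), ("old.log", b"x")):
            Path(root, name).write_bytes(data)
        baseline = snapshot(root)
        Path(root, "app.conf").write_bytes(b"tls=1.3\n")   # done under CHG-0001
        Path(root, "agent.bin").write_bytes(b"tampered")   # no ticket
        Path(root, "old.log").unlink()                     # no ticket
        # CHG-0001 is a made-up ticket id recording the digest it authorises.
        approved = {"app.conf": ("CHG-0001", hashlib.sha256(b"tls=1.3\n").hexdigest())}
        return reconcile(baseline, snapshot(root), approved)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Tying approval to the expected digest, rather than to the file name alone, means a ticket for one change cannot mask a different modification to the same file.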

If a healthcare system and/or supporting company employs these methods and measures, it will greatly reduce its risk of a cybersecurity attack. Beyond these components, the threat can most easily be thwarted from within the company by employing the phrase, “if you see something, say something”. It is of utmost importance that employees understand they are the first line of defense and that they report any suspicious activity to their technology officer. With these things in mind, we will all have a safer environment in which to work.

Five tips to maintain a high level of security:

  1. Limit the number of individuals with enterprise-wide domain admin rights
  2. Have a rigorous change control process with a security impact analysis
  3. Be prepared with contingency planning
  4. Utilize a third party for risk assessment on an annual basis to ensure internal security
  5. Notify your employees of potential risks and educate them on email enticements

 

Taylor Duderstadt is the Chief Information Officer at iMedX