The hospital and healthcare industry met quite a few challenges involving ransomware in the last year. Reports of malware infecting machines in medical facilities took over news channels. The reality even infiltrated popular culture when Grey’s Anatomy ran an episode where ransomware was an integral part of the storyline. We all laughed a little when the Chief of Surgery, Miranda Bailey, said she could afford 4,932 bitcoin without her knowing that the amount equated to $20 million. It became all too real for Grey-Sloan Memorial, and their example was a great depiction of what was really going on in the medical world.
Hospitals are an easy target because they use computers for almost every function. They use tablets for patients’ records, machines to monitor someone’s heartbeat, and computerized boards to keep everyone on schedule. As soon as an attack strikes, they are at the mercy of their attacker. The hospital has to decide whether to revert to paper without access to its patients’ records, potentially causing a mistake that could cost someone’s life, or to send the patients over to other hospitals in the area, which is quite cumbersome.
In January 2018, Hancock Regional Hospital’s computer was compromised by a hacker who demanded bitcoins as ransom. The infamous SamSam infector requested four bitcoin, totaling around $45,000. At the time, the hospital was experiencing a huge influx of patients, forcing them to pay out the ransom for the keys. They were desperate to get back online to tend to the increase of persons being admitted due to an awful flu season and snow storm.
Just like Hancock Regional Hospital, other medical facilities do not have the time to negotiate with the hackers because they are experiencing potential deaths of patients. That is why hospitals are such an easy target.
IT software for the healthcare industry to mitigate potential attacks
Hancock Regional Hospital is just one example of medical facilities that have been attacked in the last few years. During the first six months of 2017, organizations accounted for 42 percent of all ransomware infections, up from 30 percent in 2016 and 29 percent in 2015. This shift was mainly accounted for by WannaCry and Petya.
Hospitals need to protect themselves from potential attacks as well as keep up with compliance since they hold the personal data of patients from around the world. In a busy facility, one solution is not enough to keep their equipment and data safe.
Healthcare networks typically have various points of access, and some of them are not very secure. These, of course, include computers and tablets, but they also include a variety of different medical devices, part of the vast IoT world. These entry points can make hospital systems particularly vulnerable if they are not protected by hospital security software that monitors the network and prevents malware from entering the system.
One way to mitigate that risk is by ensuring all of the machines in the facility are up to date on their patches. That might seem like a difficult feat, but you can use software like GFI LanGuard to inventory, identify risk, and deploy patches from one console. Many attacks occur because systems are out of date and hackers exploit a vulnerability. Your business is less likely to be a victim if all of your machines are kept up to date with their patches.
Regulations force hospitals, clinics, and other healthcare facilities to adhere to strict privacy and reporting rules. These facilities still have to maintain communication with patients, insurance companies, and other healthcare settings. In some treatment centers, unintentional errors by employees are just mishaps that are waiting to happen.
Good healthcare compliance software can monitor all types of communications and even block any information from being sent if this is against regulations or hospital policies. This could include any data that exits or enters the facility via fax, email, and other types of communications. Compliance may require that documents be faxed because they need their original signature. The thought of standing next to the fax machine is daunting, but with technology like GFI FaxMaker, if you have email, then you can fax.
Medical facilities also need to keep an eye on information being taken without permission. With GFI EndPointSecurity, you can monitor when an external device is connected to your network. You can also stop information from being transferred without authorization. Foreign devices do not stand a chance if you are ten steps ahead of the culprit.
Patient record archival
Patient records have become almost entirely electronic these days. Patients are more likely to see a doctor call up their data on a laptop or handheld device than to see a doctor bring in a paper file. Healthcare facilities have to employ fast, safe, and efficient storage software for these archived records. Archiving can all be done with GFI Archiver. The system allows for intelligent reporting, and it is already configured to run reports that comply with HIPAA, SOX, and GDPR.
Currently, a lot of the focus of the healthcare industry is on digital records, computerized devices, and even electronic diagnostic systems, otherwise known as the IoT. Because of this, healthcare computer technology is rapidly expanding and still evolving, and it is also sometimes quite vulnerable because attackers know that the data stored is of high value. The right IT software for healthcare companies should keep both patients and healthcare facilities healthy.
If you think that getting all of these solutions to protect your business would be expensive, think again. With GFI Unlimited, you can access a full library of business-proven network security and communications for one low price per user. The GFI Unlimited arsenal includes GFI LanGuard, GFI EndPointSecurity, GFI Archiver, GFI FaxMaker and more.
(This blog post originally appeared on TechTalk by GFI Software)