Two Pronged-Approach for Defending Against Ransomware Attacks

January 18, 2017

Featured article by Richard Henderson, global security strategist at endpoint security company Absolute

Ransomware in IT healthcare environments continues to be an unholy menace to the day-to-day operations of hospitals. I’ve spoken with healthcare groups not just in the UK, but around the world, who have been hit at very large scales, effectively suspending all frontline digital operations in healthcare environments. It’s terrifying to consider the potential real-world physical impacts to patients when doctors and nurses are all of a sudden unable to review charts or tests in order to provide urgent care.

Sadly, this has meant in many cases that hospital administrators just pay up – the amount of time to clean up and get back up and running can literally impact people’s lives. Criminals know this and are continuing to exploit this to their financial gain.

In the case of this latest attack on the NHS, which is certainly not unique to them, it appears the majority of systems being hit are legacy Windows XP machines. In most healthcare environments, this is due to a number of factors: legacy tools, software, and equipment that just won’t run on newer operating systems; lack of support from vendors (or vendors who may not even exist anymore!); staggering costs that can’t be budgeted for to replace systems… all of these factors can make for very fat, juicy targets for cyber criminals.

Protecting against these attacks should focus on two major prongs: the people using the systems, and the systems themselves. On the systems side, where machines can’t be moved up to (at the very least) Windows 7, organizations should really start discussing moving these legacy systems to tightly protected virtualized systems with an abundance of security controls built in, not necessarily to stop an infection, but to stop it from moving to other systems. On the people side, as most ransomware continues to enter environments through email (attachments and links), a concerted effort by security staff to build better awareness of what ransomware is and how to spot suspicious emails is critical for success.

From a philosophical perspective, I’ve spoken with more than one healthcare security professional who is now treating desktop systems as 100% disposable. To them, the workstations themselves are now seen as nothing more than appliances that can be spun up or destroyed on demand, and at the first whiff of compromise, systems are yanked off the network, wiped, and re-imaged.

Sadly, the ransomware threat isn’t going anywhere, especially in healthcare. It’s far too lucrative for attackers to give up on it, and with the staggering number of legacy systems out there inside these networks, the targets are just too rich for them to ignore.
