Inside the Briefcase

2017 State of Technology Training

2017 State of Technology Training

Pluralsight recently completed an in-depth survey of 300 enterprises...

IT Briefcase Exclusive Interview: Keeping Your (Manufacturing) Head in the Clouds

IT Briefcase Exclusive Interview: Keeping Your (Manufacturing) Head in the Clouds

with Srivats Ramaswami, 42Q
In this interview, Srivats Ramaswami,...

IT Briefcase Exclusive Interview: New Solutions Keeping Enterprise Business Ahead of the Game

IT Briefcase Exclusive Interview: New Solutions Keeping Enterprise Business Ahead of the Game

with Sander Barens, Expereo
In this interview, Sander Barens...

IT Briefcase Exclusive Interview: The Tipping Point – When Things Changed for Cloud Computing

IT Briefcase Exclusive Interview: The Tipping Point – When Things Changed for Cloud Computing

with Shawn Moore, Solodev
In this interview, Shawn Moore,...

Driving Better Outcomes through Workforce Analytics Webcast

Driving Better Outcomes through Workforce Analytics Webcast

Find out what’s really going on in your business...

Two Pronged-Approach for Defending Against Ransomware Attacks

January 18, 2017 No Comments

Featured article by Richard Henderson, global security strategist at endpoint security company Absolute

Ransomware in IT healthcare environments continues to be an unholy menace to the day-to-day operations of hospitals. I’ve spoken with healthcare groups not just in the UK, but around the world, who have been hit at very large scales, effectively suspending all frontline digital operations in healthcare environments. It’s terrifying to consider the potential real-world physical impacts to patients when doctors and nurses are all of a sudden unable to review charts or tests in order to provide urgent care.

Sadly, this has meant in many cases that hospital administrators just pay up – the amount of time to clean up and get back up and running can literally impact people’s lives. Criminals know this and are continuing to exploit this to their financial gain.

In the case of this latest attack on NHS, which is certainly not unique to them, it appears the majority of systems being hit are legacy Windows XP machines. In most healthcare environments, this is due to a number of factors: legacy tools, software, and equipment that just won’t run on newer operating systems; lack of support from vendors (or vendors who may not even exist anymore!); staggering costs that can’t be budgeted for to replace systems… all of these factors can make for very fat, juicy targets for cyber criminals.

Protecting against these attacks should focus on two major prongs: the people using them, and the systems themselves. On the systems side, where machines can’t be moved up to (at the very least) Windows 7, organizations should really start discussing moving these legacy systems to tightly-protected virtualized systems with an abundance of security controls built in to not necessarily stop an infection, but to stop it from moving to other systems. On the people side, as most ransomware continues to enter environments through email (attachments and links), a concerted effort by security staff to build better awareness of what ransomware is and how to spot suspicious emails is critical for success.

From a philosophical perspective, I’ve spoken with more than one healthcare security professional who is now treating desktop systems as 100% disposable. To them, the work stations themselves are now seen as nothing more than appliances that can be spun up or destroyed on demand, and at the first whiff of compromise, systems are yanked off the network, wiped, and re-imaged.

Sadly, the ransomware threat isn’t going anywhere, especially in healthcare. It’s far too lucrative for attackers to give up on it, and with the staggering amount of legacy systems out there inside these networks, the targets are just too rich for them to ignore.​

 

HEALTH IT, SECURITY

Leave a Reply

(required)

(required)


ADVERTISEMENT

Gartner Infrastructure


Gartner Application Strategies


IBC 2017

ITBriefcase Comparison Report