News flash: healthcare organizations are being hacked 24/7/365. Experiencing a ransomware attack, losing control of all your data to a faceless hacker who holds it for ransom, feels a lot like having your home burglarized... violated.
In many cases, targeted hacking is financially motivated: hold the data hostage and collect the ransom. Hackers target physicians and executives identified on public websites. With more user IDs and passwords available on the dark web today than ever before, being hacked has become significantly more likely than in the past. We at HIPAA One want to share a few of the ways we see organizations left vulnerable and then hacked. Take action after reading this blog to protect your organization from being the next target. Here are three areas to address, before, after, and during a ransomware attack:
Prevent Hacking and Ransomware
- Training, Training, and more Training: Remind all workforce members about the dangers of email phishing. Even if your organization considers itself the Fort Knox of security, one wrong click from a staff member could result in a significant breach. Here are key ways to avoid falling victim to ransomware via email phishing:
  - Be suspicious of emails and messages, especially if they urgently request personal information.
  - Think before you click any link.
  - Regularly update your computer, email client, and applications.
  - Never share personal information online.
- IT controls must be working properly TODAY:
  - Enable logging on all your systems (databases, email, file servers, network firewalls, cloud services, etc.) and retain those logs for at least 3 months.
  - Enable multi-factor authentication to make it even harder for a guessed password to turn into a hacked email account.
  - Implement all HIGH-RISK remediation plans found in your most recent HIPAA Security Risk Analysis (SRA).
  - HIPAA One tracks HIGH RISKS and provides instructions on what to do for anti-malware, firewalls, web-content filtering, inactive users, and the service accounts commonly used to access the network.
  - Email reminders go out weekly to those assigned to remediate risks and update the SRA.
  - Conduct periodic penetration testing.
Recover from Hacking and Ransomware (without paying any ransom)
- Make sure backups are actually occurring and are stored offline, and at least quarterly test a restore procedure that simulates a complete lock-down of all your servers. A backup you have never restored is a hope, not a plan.
- Physically separate backup files from the servers and network so the backups are not encrypted by the same ransomware that hits the live systems.
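The quarterly restore test described above can be scripted so it is not skipped. The following is an added example, not HIPAA One's code or procedure: it backs up a directory together with a SHA-256 manifest, then proves the backup is usable by extracting it into a scratch location and checking every file against that manifest. It assumes GNU tar and sha256sum (coreutils) are installed; the sample data in the demo is constructed.

```shell
#!/bin/sh
# Added example (not HIPAA One's code): back up a directory with a SHA-256
# manifest, then prove the backup restores cleanly by extracting it into a
# scratch directory and verifying every file against the manifest.
# Assumes GNU tar and sha256sum (coreutils) are installed.

# make_backup SRC_DIR DEST_DIR
# Writes DEST_DIR/backup.tar plus DEST_DIR/backup.sha256, a manifest of
# relative paths and hashes taken from the source at backup time.
make_backup() {
    src="$1"; dest="$2"
    mkdir -p "$dest" || return 1
    ( cd "$src" && find . -type f -print0 | sort -z | xargs -0 sha256sum ) \
        > "$dest/backup.sha256" || return 1
    tar -C "$src" -cf "$dest/backup.tar" . || return 1
}

# test_restore DEST_DIR
# Extracts the archive into a fresh scratch directory and verifies it against
# the manifest. Returns 0 only if every file is present and unmodified, so a
# truncated, tampered or stale archive is caught before you need it for real.
test_restore() {
    dest="$1"
    manifest="$(cd "$dest" && pwd)/backup.sha256"
    scratch="$(mktemp -d)" || return 1
    rc=1
    if tar -C "$scratch" -xf "$dest/backup.tar" 2>/dev/null; then
        ( cd "$scratch" && sha256sum -c --quiet "$manifest" ) >/dev/null 2>&1
        rc=$?
    fi
    rm -rf "$scratch"
    return "$rc"
}

# Stand-alone demonstration with constructed sample data:
#   sh backup_check.sh demo
demo() {
    src="$(mktemp -d)"; dest="$(mktemp -d)"
    printf 'constructed sample record\n' > "$src/records.txt"
    make_backup "$src" "$dest" && echo "backup written to $dest"
    test_restore "$dest" && echo "restore test passed"
    # Simulate ransomware rewriting the live data: the separate copy is unaffected.
    printf 'ENCRYPTED\n' > "$src/records.txt"
    test_restore "$dest" && echo "backup still restores after live data was altered"
    # Simulate a damaged archive: the restore test must fail loudly.
    printf 'garbage' > "$dest/backup.tar"
    test_restore "$dest" || echo "damaged archive correctly rejected"
    rm -rf "$src" "$dest"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run `test_restore` against the copy that lives off the network, not the one on the file server; if it passes there, you have evidence that a full restore is possible without paying anyone.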
Know What to do During a Hacking Attack and Ransomware
- Have a plan in the event of a hacker attack, ransomware attack, or any other security incident:
  - Here is an example of a procedure to follow should you have a security incident (Security Incident Response Plan workflow).
  - Disconnect the affected servers from the network, but do not power them off: the contents of memory are lost at shutdown. Contact a forensics firm (HIPAA One does this). We will capture the memory of the servers and see if we can locate the decryption key and save the day (it happens!).
If security is not top of mind for all organizations, it should be. Given enough time, taking no action will guarantee your organization experiences a hacking incident. We hope this blog provides resources to help you prepare against a breach.
Questions? Comments? Please contact us to get secure and compliant today (and especially if you are under attack). Also, feel free to post your ransomware or hacking experiences below!