FAQ – Phishing and Ransomware

The following highlights best practices to protect yourself and your organization.

What should healthcare entities be doing today to prevent/defend against phishing?
  • Prohibit access to personal webmail through organizational resources
  • Mandate the workforce to use “guest” wireless network when connecting personally-owned devices via Wi-Fi
  • Prevent rules that auto-forward organizational email to personal, webmail accounts
  • Limit OWA access to internal IP addresses
  • Implement a “buffer” between inbound emails and a user’s mailbox
    • Open and test embedded hyperlinks contained within emails in a safe environment (sandbox) before allowing the email to pass through the email server
  • Remove or restrict select protocols used by system administrators/email vendor that could be exploited (e.g., Exchange Web Services, Remote Procedure Call, etc.)
  • Mandate system administrators to use dedicated admin accounts for email management
  • Remind the workforce not to use passwords from personal accounts (e.g., Gmail, Pinterest, Amazon) for any organizational application or system
  • Remind the workforce to use unique passwords for every organizational application or system
    • If a hacker can get an employee’s login credentials from one application, they may then try to login into the employee’s HR portal with that information and redirect payroll deposits
Will ransomware continue to be a prevalent attack used against healthcare entities in 2020?

Yes, because of their simple effectiveness. Phishing emails are getting more sophisticated and may slip through filters. Employees can be tricked into clicking a hyperlink, some of which could be within an apparently legitimate attachment.”

Any tips about protecting data from permanent destruction in ransomware and other attacks, or data incidents?

Look at the Health Industry Cybersecurity Practices (HICP) for some excellent guidance. HICP was created by the Cybersecurity Act of 2015, Public Law 114-113, Section 405(d) “Aligning Health Care Industry Security Approaches.” In particular, Practice #4: Data Protection and Loss Prevention, 4.M.D Backup Strategies

(NIST CSF ref: PR.IP-4). For more information, please reference: https://www.nist.gov/system/files/documents/2019/10/16/1-4-hicp-405d-chua-decker-heesters.pdf

Contact tw-Security to conduct a Ransomware Readiness Assessment and incident response tabletop exercise.