Ransomware Attacks Hit 2 More Healthcare Organizations
Security Advisers Offer Risk Mitigation Tips
… Healthcare organizations should take a number of critical steps to prevent falling victim to ransomware, says Tom Walsh, president of consulting firm tw-Security.
“The most important step in prevention of ransomware is workforce awareness,” he says.
“Because phishing emails are common and getting more sophisticated, employees could be easily tricked into clicking on a malicious hyperlink embedded in an email or in an attachment,” he says. Organizations need to continue educating their workforce on techniques for avoiding the download of malicious code, he adds.
… Ransomware readiness assessments also are essential, Walsh says, “to determine if safeguards and controls are adequate and if their response procedures address HHS OCR reporting requirements.”
It’s also important to ensure there is an “air gap” to prevent the data backups from being infected with ransomware, he notes. “This may mean going old school and having at least one copy of data backups on removable media – encrypted of course – that is isolated from the networked backup system.”
Walsh also advises organizations to “conduct a tabletop exercise using ransomware as the scenario.”
To prepare for a ransomware attack that impedes access to patients’ electronic health records, “each organization should have written ‘downtime procedures’ and printed forms to ensure the continuity of business operations,” he says.