Healthcare organizations often fall prey to ransomware when they don’t anticipate becoming targets, or they fail to test the limits of their cyber defense. But now that these attacks are becoming more sophisticated, it’s vital that your team assess weaknesses in your IT’s infrastructure before bad actors exploit them. Here’s the latest on ransomware trends reported in the industry.
Intentional Targets vs. Collateral Damage
While some healthcare groups are targeted by choice, that isn’t always the case, says HealthITSecurity. Others may be considered “collateral damage,” or fall “victim to ‘spray and pray’ tactics” typically involving phishing or brute force attacks. Because there’s no certainty in who will or won’t become a target, no healthcare organization should be complacent when it comes to implementing the best means of identifying and avoiding these kinds of automated malware. As for those that aren’t automated…
Ransomware, or RansomOps?
Traditional ransomware is developed from “simple malware,” and is usually executed in the form of automated attacks. However, many of these attacks are now human-led and coordinated within a group of sophisticated hackers, evolving into what some have dubbed ransom-as-a-service, or RansomOps, according to Healthcare IT News. While that may sound foreboding, organizations still have options available to prevent network intrusion. They start with adopting a policy of cyber resiliency, coupled with the tools necessary to maintain it. This policy must be company-wide and address the needs of your internal IT team, or you could risk a potential battle on another front…
A concerning report by way of Healthcare IT News notes that security professionals are increasingly likely to face burnout on the job. The reasons given are often network-related, from having to go outside company policies in order to find IT solutions, to simply hating the software that’s available. What’s worse, those that are unmotivated in their roles are more likely to be lax in other areas of cybersecurity, and potentially expose company data.
The bottom line? Take care of your IT staff by giving them the tools they need to engage fully with their roles.
Success Against Ransomware
In spite of these concerns, there’s also good news. TechCrunch notes that the DOJ’s Ransomware and Digital Extortion Task Force was able to secure decisive wins against cyber criminals during the past year.
Recently, the DoD also released updates to its Cybersecurity Maturity Model Certification. While these are required for government contractors, they could just as easily serve as guidelines for any organization in any industry in need of a stronger cyber defense.
If there’s one key takeaway from all of this, it’s that now is the time to assess your current level of cyber resiliency, identify weaknesses, and implement a plan to improve them. If your team would like assistance in any area of data management, let us know.