Ransomware and Email Top Health IT Concerns

A new survey suggests executives are most concerned about ransomware in 2018, and email is the biggest vulnerability.

More than three-quarters of healthcare information technology (IT) executives have battled ransomware or malware attacks this past year, and they believe 2017 was just a warmup for an even worse 2018, according to the results of a new survey.

The cybersecurity firm Mimecast released the findings from its poll of senior IT and security executives in the healthcare industry. The survey was conducted in partnership with HIMSS Analytics, a branch of the Healthcare Information and Management Systems Society.

The data show that 78% of respondents dealt with a ransomware and/or malware attack in 2017, and 95% of respondents say protection against ransomware is their top priority heading into 2018. A separate report, from Verizon, shows that the vast majority (72%) of malware attacks on healthcare organizations are ransomware incidents.

David Hood, a cyber resilience strategist in Mimecast’s healthcare practice, says ransomware is low-hanging fruit.

“Ransomware is being used so frequently because it’s relatively easy to launch an attack and is very quick to monetize with cryptocurrencies like Bitcoin and Ethereum,” Hood tells Healthcare Analytics News.

Moreover, the return on investment for ransomware attackers is huge.

“Medical records are proving to be highly valuable, with reports saying that patient information is at least 10 times more valuable than credit card information,” Hood says.

That’s one reason the healthcare industry, which has traditionally lagged behind other sectors in cybersecurity, is beginning to focus and spend more on cybersecurity, he adds.

As healthcare looks to improve its defenses, the smartest place to start appears to be email. The Mimecast survey suggests healthcare cybersecurity executives continue to see email as their top security liability. Asked to rank their “most likely” source of a data breach, 37% of respondents ranked email first, far more than any other category. Another 22% of respondents put email as the second or third most likely avenue for threats. Laptops and “other portable devices” came in second and third, respectively.

“Everything you can do with an email can be used as part of an attack,” Hood says. “Attachments can be unsafe. Links can be unsafe. Even the words in an email can be unsafe.”

He says social engineering can also be used to trick employees into giving up data or cash.

And while some industries have adopted team chat tools as a partial replacement for email, it will continue to be the healthcare industry’s top communication platform “for the foreseeable future,” he notes.

As such, healthcare organizations must utilize employee training, not just software, to show staffers how to safely handle email and limit the effects of malicious messages. Well-trained employees can create a “human firewall,” and a first line of defense against hackers who use email, he says.

Still, email is just one part of a solid healthcare cybersecurity infrastructure, Hood says.

“An organization needs to react to where the threats are coming from, which is why making email more secure is one part of the security stack,” he explains. “Having systems capable of sharing data across different channels—for example, across email security and the firewall—will ultimately lead to better protection and will allow organizations to be prepared as attackers shift tactics.”

As for ransomware, Hood points to 2 strategies that seem to be helping: separation and duplication.

The first strategy involves creating an “air gap” between operational systems and communication channels so that healthcare organizations can continue their day-to-day business even if they fall victim to a threat.

The other strategy is to keep secure backups of critical data. If that backup data is encrypted and protected, it can allow organizations to quickly get back up and running, eliminating the ability of a ransomware attacker to hold the organization hostage.

In an industry where cyber threats are pervasive and on the rise, Hood says healthcare executives need to be proactive.

“Healthcare providers should take steps now to better protect their employees and organization,” he says.