Author: Galina Datskovsky

A few weeks ago Hollywood Presbyterian Medical Center was held hostage by hackers. Yes, literally and unbelievably so! Hackers got into the hospital data systems and virtually shut down all operations for 10 days. The hospital chose to pay the ransom of $17,000 rather than risk further embarrassment and continued loss of access to its data. It is incredible that a group of hackers can so paralyze an organization, especially one where people’s lives are concerned. In fact, it was noted in this same article that the Federal Bureau of Investigation warned in mid-2015 that ransomware is growing and that victims of just one attacker have reported losses totaling more than $18 million. So what can be done to prevent or minimize such attacks, which are bound to increase since a precedent of payment has certainly been set? Here are several recommendations:

 

1. Improve Information Governance

Since attacks will happen, and breach is inevitable, how does a good governance program help an organization? I would like to suggest that it is impossible to protect all information equally.
A good governance program allows organizations to identify their key assets and protect those that are mission critical with more defenses than those that are less critical.
It may even be possible to set up ‘honey pots’ with key data to throw attackers off track.
For more information on good information governance, see AHIMA’s information governance principles for healthcare.
2. Prepare Contingency Plans
In a world that is riddled with hackers, breaches, natural disasters and now ransom requests, organizations must have contingency plans in place to ensure that operations can continue in the case of such an event. Good information governance allows organizations to set up appropriate disaster recovery and contingency plans.
In that case, the data that is absolutely necessary for operations can be accessed in an emergency and operations can continue. No matter what the scenario, it’s better to be prepared.
3. Use Alternative Communication Channels for Crisis Communications
To make sure that communications continue while systems are down, an alternate communication method should be used to clear out attackers and make plans.
Usually, attackers are listening to the standard communications: email, chats, etc. Having a secure, encrypted and ephemeral communication application that is SaaS-based and independent is a good way to keep communications flowing ‘off the grid’, make plans, and ensure that critical communications never cease, all without making your plans available to your foe.
Make no mistake, we are in a war with cyber terrorists and criminals.
Healthcare organizations are a primary target. Use the tools of the trade to be prepared before an attack like this happens to your organization to avoid being taken hostage or losing vital patient data.
To find out more on how to avoid these scenarios, contact us to speak to one of our experts.