How to better protect IT systems against holiday ransomware threats
As celebrations increase, so do hackers’ efforts to gain data or cripple systems with ransomware. Organizations must be aware and ramp up security efforts.
In this season of giving, it’s best to prepare for an unwelcome gift – ransomware.
You may have seen the news reports about the ransomware attack that occurred during the Thanksgiving holiday which disrupted the operations of Ardent Health Services, a 30-hospital system with facilities across Idaho, Kansas, Oklahoma, New Jersey, New Mexico and Texas, starting on November 23. Those hospitals had to divert patients to other facilities because of the effects of the ransomware.
Is it a coincidence that the attack occurred during the Thanksgiving holiday? Maybe, but I don’t think so.
Cybercriminals and bad actors know that hospitals and health systems will likely have a small number of IT staff on hand during the holidays as well as evenings and weekends – making it a good time to attack these “targets of opportunity.” If no one is actively monitoring the various applications and systems, the attacks could go undetected for a long time and spread.
So it’s not surprising that we should expect to see attacks in December, similar to the Thanksgiving attacks. Holiday time means organizations need to be even more vigilant.
A nontechnical vulnerability that is sometimes overlooked is the seniority of staff. Some organizations have a “use or lose” vacation or PTO policy, meaning that the people with the longest seniority will likely have more vacation or PTO time to use before the end of the year. That leaves less experienced staff “guarding the fort.”
In light of this, organizations need to up their security game and consider implementing the following recommendations:
- • Review and update incident response plans and playbooks.
- • Ensure that all IT staff can locate and are familiar with the organization's incident response plans and playbooks.
- • Give new or junior level staff - who will likely be working during the holidays - an opportunity to participate in a tabletop exercise or drill.
- • Consult with clinicians who work on night shifts to educate them on downtime procedures. Transfer that knowledge to the day shift staff. Hospitals typically schedule their planned downtimes to occur during night shifts, and as a result, the night shift staff have more experience in running the hospital when systems are down.
- • Ensure that someone, even if it is a third-party service, is monitoring hospital applications and systems for alerts or other indicators of a possible attack.
- • Establish a relationship with the regional office of the Cybersecurity and Infrastructure Security Agency (CISA). In the case of Ardent Health Services, the CISA provided the organization with a warning before the Thanksgiving attack.
Organizations need to be aware that AI-tuned attacks will continue to emerge, allowing sophisticated, targeted attacks on operational systems. In addition, ransomware is being offered as a service, making it automated and enabling more “script-kiddies” to enter the fray.
The bottom line is that attackers don’t stop attempted incursions just because it’s a holiday. Healthcare organizations’ security efforts can’t afford anything less than increased diligence.
Tom Walsh is CEO of tw-Security.