(continued from page 1)
Electronic medical records (EMR) are the regulated law of the land, and if something happens to them, then patient lives are at risk. That's the sum to the right in the calculus used by ransomware criminals when choosing their victims.
Several factors may contribute to the popularity of healthcare organizations as a ransomware target. The first, as noted prior, is the critical nature of the data held as hostage. A second could be that the smaller healthcare organizations so often hit tend to have relatively small IT staffs — a trait they share with the small municipalities hit in a wave of ransomware attacks earlier this year.
The third significant factor is that the software used to create and manage EMR is rather homogenous in the US. A single vendor, Epic, has more than half the market share (58%) in hospitals with more than 500 beds, and two vendors — Epic and Cerner — have 54% of the total EMR market.
August points out that the primary infection vectors for ransomware, as with almost all malware, are email clients and Web browsers. For those infection points, August says the traditional combination of user education and endpoint anti-malware systems are important.
Beyond the basics, though, August says IT security teams should become more aggressive in their use of advanced techniques to improve visibility into the activity on and around the network.
"There are other things people can do either through the use of additional monitoring tools, like honeypots, network sniffers, and other things to get additional visibility to these networks," he says.
Finally, August says it's important for security professionals to communicate with their peers to understand the threats they all face.
"We're all in this together," he says. "There's a whole lot of security folks that all want to do the right thing, and it's hard."
There is a lot to know, he says, and only by leaning on one other can security professionals learn from one other and hope to stay ahead of attackers.