Healthcare organizations must take several important steps to protect their environments against ransomware attacks, says Mac McMillan, CEO of the security consulting firm CynergisTek.
"The first thing they need to focus on is user awareness because a lot of these attacks are occurring because users are doing things that are dangerous," McMillan says in an interview with Information Security Media Group during the HIMSS 2016 conference in Las Vegas. That includes downloading documents from sources they don't know and opening attachments in emails or clicking on links that bring them to malicious sites, he says.
"We need to educate them better on what they're doing and the choices they're making," he says.
"Number two, we need to focus on other protections," he says. Those include "hardening systems," updating and patching software and operating systems, and configuration management, he says.
The third important step is improving breach detection capabilities, McMillan says. "We've got to get away from just signature-based technology to protect us because most of these attacks today, we don't know the signature, which means they're going to come right past those protections, and they are going to infect us."
Another important step is making sure processes and procedures are in place to recover from ransomware attacks, he adds.
Healthcare organizations also need to consider bolstering how they protect privileged access credentials to guard against cyberattacks, he says. "Elevated privileges are a gold mine for the attacker. Once they get ahold of that, there's nothing [an attacker] can't do ... depending upon the protections in the environment."
To protect these credentials, organizations should limit elevated privileges to the minimum number of individuals who need them, encrypt the credentials and apply at least a second factor of authentication, the consultant advises.
"Last but not least, if you can afford it, go ahead and vault those [credentials]. Make them perishable - don't let them be persistent on the network," he adds.
In the interview, McMillan also discusses:
- Endpoint security tips;
- Emerging variants of malware used for ransomware and other attacks;
- Other evolving cyber threat trends.
McMillan is co-founder and CEO of CynergisTek Inc., an Austin, Texas-based firm specializing in information security and regulatory compliance in healthcare, financial services and other industries. He has more than 30 years of security and risk management experience, including 20 years at the Department of Defense, most recently at the Defense Threat Reduction Agency. He is also chair of the Healthcare Information and Management Systems Society's privacy and security task force.