While healthcare professionals are at the forefront of battling the coronavirus, it has placed more emphasis on increasing online consultations and reducing physical interactions. The lockdown since March saw a 500 per cent rise in online doctor consultations. As the Indian healthcare industry continues its march ahead towards going complete digital, IT security in this particular sector is still at a nascent stage in India. And cyberattacks – specifically ransomware – are not a new phenomenon for the healthcare industry.
At a time when nothing is for certain, one thing we can count on is that attackers are going to continue to evolve their ransomware tactics, and as such will continue to target the healthcare industry due to its wealth of valuable confidential information. For managed service providers (MSPs) servicing the healthcare industry, this means implementing a combination of prevention and rapid incident response measures in their customers’ environments is more important than ever.
Let’s have a look at five of the top ransomware safeguards every MSP can take to support its healthcare customers when they need it most:
- Awareness and education. IT security is the responsibility of everyone in the organization, not just the security team or the MSP partner. Anyone with a hospital email account should know how to create a strong password with two-factor authentication. Further, it’s important for everyone to know what a phishing email looks like, especially since they are a huge vehicle for ransomware delivery. MSPs need to enable their customers to share this knowledge across the entire organization.
- Bringing IT hygiene up to date. Many hospitals already have a security team, but most are heavily under resourced. MSPs should help these teams adopt and implement simple best practices that go a long way. Implementing the latest security patches, multifactor authentication, and processes for regular off-site regular backups of sensitive records are all essentials.
- Deploying EDR. Protect against a ransomware attack means disrupting the attack chain from end to end. MSPs can help their healthcare customers do exactly this by deploying endpoint detection and response (EDR) across a health system’s network. EDR ensures every endpoint is fortified with up-to-date safeguards, providing threat response teams with the context they need to actively track down adversaries, identify threats, and respond accordingly.
- Human intervention. Technology plays a big part in thwarting ransomware attacks, but it must be complemented with human expertise. MSPs can arm their healthcare customers with an elite, human-led threat hunting response team able to recognize patterns, apply context to potential threats, and get to the root cause of a recurring problem – enabling a combination of both offense and defense.
- Rapid incident response. Unfortunately, it is inevitable that some healthcare systems will still be hit by a ransomware attack. If and when this happens to their customers, MSPs need to make sure that they can jump in immediately with lightning-fast incident response. Sophos Rapid Response provides a first-of-its-kind service designed to get healthcare organizations out of the danger zone and fast.
It’s also important to remember that MSP healthcare customers aren’t the only ones being targeted with ransomware. At Sophos, we’re continuing to see MSPs themselves being attacked. For both MSPs and their customers, it is critical to be prepared and agile when it comes to tackling today’s ransomware landscape.