Stay safe in the wake of a ransomware attack

Nationwide healthcare system hit by major cyber incident

By Mark HoffmannKENOSHA.COM

A leader in the IT industry for nearly three decades, Hoffmann has helped small and large businesses take advantage of technology to better serve their customers and employees. Hoffmann is owner of CMIT Solutions of SE Wisconsin.

A ransomware attack targeting a major healthcare system forced the closure of hundreds of locations in California, Connecticut, Pennsylvania, and Rhode Island last week. Urgent care clinics, medical imaging centers, and blood labs were among those affected.

More than 180 facilities in Prospect Medical Holdings’ network took their systems offline while the cyberattack was investigated. Some locations had to shut their doors completely, while others were forced to operate using only paper records.

The full extent of the disruption is not yet known; as of this writing, the company’s website was still reporting that “Prospect Medical Holdings, along with all Prospect Medical facilities, is experiencing a systemwide outage.” But many cybersecurity experts fear that hackers could steal or leak private health information (PHI) for hundreds of thousands of Prospect patients.

The attack reflects an ongoing trend of healthcare companies being targeted by cyberattacks. In 2021, Fierce Healthcare reported a 470% increase in ransomware incidents, reflected in large part by a surge in companies moving services and information online during the early days of the COVID-19 pandemic. And in 2022 alone, major systems like One Brooklyn Health, which serves New York City’s 8.7 million residents, and CommonSpirit Health, which operates more than 140 hospitals and 700 care sites nationwide, were targeted by hackers.

Why are healthcare companies being targeted?

Experts say that businesses in this industry typically have complex hardware and software needs that combine new and old technologies, with overlapping layers of IT support—“and all in the context of critical digital services delivery,” said Jack Kufahl, chief information security officer at Michigan Medicine, in a recent interview with Becker’s Healthcare. If anything, Kufahl added, “the technological environment is going to be more complex as systems figure out how to integrate while continuing to provide ongoing healthcare delivery.”

That reflects the recent findings of a University of Texas at Dallas study, which discovered that cyberattacks are a severe threat to healthcare systems in the two-year window following a merger or acquisition. In industry parlance, assuming responsibility for outdated or legacy hardware and software systems is known as “technical debt” and factored into many business deals. And any time an IT environment operates with that kind of confusion, hackers can find more entryways to exploit.

What’s the best way to protect business systems and information?

Whether your company operates in the healthcare market or not, the industry’s cybersecurity best practices can be adapted. Here are a few strategies that CMIT Solutions recommends to protect critical IT infrastructure, protected data, and other digital assets:

• Make sure your data is backed up regularly, reliably, and remotely. Because the Prospect Medical Holding ransomware attack hit a system so big and widely dispersed, it won’t be easy to quickly bounce back. But one cybersecurity step that can help is data backup. When information is archived regularly and stored redundantly in multiple locations, retrieval is possible—and impacted businesses can avoid the difficult decision of whether to pay a hacker to try and retrieve it. With data backup, a trusted IT provider can help you erase any ransomware infections and reset affected machines.

• Implement (and test) a plan to recover that data. Many companies think that data backup is enough to survive a catastrophe like ransomware. But data recovery and business continuity plans are just as important. These lay out the steps necessary to retrieve saved information from its latest backup point, reinstall it in the right location, and reboot regular day-to-day operations. Reviewing and testing those steps are critical, too, so that companies can avert a disaster and bounce back quickly. Without this kind of plan in place, many employees won’t know how to respond to a crisis.

• Take a “whole system” view of cybersecurity. To maximize threat prevention, you must look at the big picture. Most businesses are used to protecting desktops, laptops, and smartphones. But what about behind-the-scenes physical devices like Wi-Fi routers, servers, and Internet of Things (IoT) devices? Are firewalls, content filters, and email sandboxes activated? Are remote desktop protocols, virtual private networks (VPNs), and endpoint encryptions all functioning properly? When you work with a trusted IT provider like CMIT Solutions, you have a full suite of cybersecurity protection at your fingertips. That includes full asset visibility, real-time network analysis, and a deep bench of operational experts using both human intelligence and automated monitoring to detect and respond to incoming threats.

• Provide training and education to empower employees. When staff members receive situational cybersecurity training and participate in attack simulations, they often feel motivated to act as a first line of defense. That’s because they know how to identify a scam email, report a phishing attempt, or spot a malicious web ad before falling victim to it. Practical and pragmatic ransomware training can also teach employees what steps to take when a suspected infection pops up.

• Strengthen login credentials to keep unauthorized users out of your systems. Multi-factor authentication (MFA) is a must. This enhanced tool requires a user to enter both something they know (their password) and something they have (a unique code typically delivered via text message, app notification, or email) to log in to apps and business systems. The biggest benefit of MFA is that it adds an extra backstop in case usernames and passwords are stolen in the kind of attack perpetuated against Prospect Medical Holdings.

• Make sure all systems are running updated operating systems. Many healthcare facilities still use legacy devices that run older unsupported operating systems. For hackers, these are incredibly easy to exploit—and gaining entry to one unprotected machine then grants access to traverse an entire network. In an industry as interconnected as healthcare, this can be a major problem. Developing a plan to regularly update operating systems or retire obsolete computers is a must for multi-location companies. At CMIT Solutions, we also have specialized experience installing security patches or software updates during off-hours to minimize disruptions for patients, providers, and admin staff reliant on medical systems.

• Work with a trusted IT provider to gain a competitive advantage. A relationship with a business partner goes deeper than just upgrading machines, though:
• A reliable managed services provider like CMIT Solutions will understand the need for a multi-layered approach.
• An experienced technology specialist will help you identify vulnerabilities that could lead to a cyberattack.
• An industry leader with deep experience in the healthcare space will know how to anticipate new strains of ransomware.
• Most importantly, a fellow business owner in your local community will understand the need to solve short-term problems while positioning your company to make sound financial investments that lead to long-term success.

That’s the difference with CMIT Solutions. We work hard to protect data, secure networks, and empower employees. As a large North American system with 25 years of experience and more than 250 offices across the United States and Canada, we also know how to scale solutions to make threat protection attainable for any business.

Whether you’re a large healthcare system looking for operational stability or a small office that needs to upgrade its computer systems, CMIT Solutions can help. Contact us today to prevent ransomware and ensure a safer future for your business.