Imagine driving into work, ready for a typical day. You expect to pull patient records, get ready for a day of performing surgeries, check-in with scheduled patients - your mind is focused on all you need to do.
But walking through your office door, you know something isn’t right. All computers are down, and they tell you not to log back in. Business has come to a standstill.
You cancel surgeries. You clear your schedule. Instead of using your computer, you find yourself hunting for paper and pen, moving back to old-fashioned living again.
It’s not the newest novel from your favorite sci-fi author, or even the latest series on Netflix. It’s a recent cyberattack that impacted Universal Health Services, a chain of more than 250 hospitals across North America.
This attack lasted for days, causing hospitals around the country to cancel and postpone all kinds of appointments, as staff scrambled to get back to normal. While no patient data was compromised, it was a clinical and financial disruption.
It’s just another example of an IT security issue.
Cybersecurity Ventures has predicted cybercrime will cost in excess of $6 trillion annually by 2021. Cybercrime is the fastest growing crime in the US, with the numbers increasing in cost, size, and sophistication every year. It represents the greatest transfer of economic wealth in history, even more profitable than the global trade of all major illegal drugs.
That’s because it can be something as simple as clicking on a link in an email to bring the system down. Once the door is open, the hacker slides in. And chaos begins.
Just like with the Universal Health Services attack, when a screen pops up stating “pay the ransom or else,” it causes people to scramble.
From a criminal perspective, the first step is to figure out how to get malware into a system. It’s a constant game of creating content, moving it around, and hoping to use the right credentials to find a lucrative victim. Healthcare is always one of the best places to attack because of its high potential.
That means it's always the job of a security team to thwart this action. If you can close the gap and prevent an attack, it reduces the chances of allowing criminals in.
Prevention
This is the first wall of defense in preventing an attack. While you don’t have to send everyone in your practice to regular training, it is important to send periodic emails, stressing the importance of never clicking links or opening attachments without verification. If anything seems out of the ordinary, don’t click.
You should also have scanning and filtering technology to stop malware before it comes into your system. And as system patches become available, install them quickly. It may sound like simple advice, but sometimes simple things can have the greatest impact.
Access
It’s also essential to develop a system that prevents lateral movement once a break-in occurs. Instead of allowing administrators access to all of your data, create separate systems and logins for doing different things. That way, if a hacker finds their way into one account, they can’t jump to other areas, gaining access to the entire system.
Recovery
While it’s important to do what you can to prevent an attack, it’s equally important to create a plan that walks you through what to do once a hacker is in. In reality, every business is at risk. And with cyberattacks on the rise, it’s no longer “if” but “when.”
Pay attention to your backup solutions. Be sure you have an effective backup policy that helps you recover quickly in the event of an attack. Don’t assume it’s working; test it regularly.
And always be on the lookout for ways to improve.
Cybercriminals learn every day from their mistakes, looking for new ways to move forward.
If you’re not doing the same, in time, they’ll find a way in.
For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.
