Malware and ransomware attacks have become more prevalent in recent times across all industries and market sectors. Large-scale attacks such as the ones perpetrated on Colonial Pipeline and JBS Foods were widely covered by the media. But these are not the only examples of successfully conducted attacks on businesses of all types and sizes.
The healthcare industry presents attractive targets for hackers intent on the distribution of ransomware. Cybercriminals choose targets carefully and are interested in compromising systems that store important or sensitive data resources. Businesses operating in the healthcare sphere check all the right boxes for malicious hackers looking for a profitable target. The increased use of the Internet of Things (IoT) and mobile devices further threatens the security of protected health information (PHI).
Healthcare facilities cannot afford to have their systems down or to have sensitive and private patient data breached. Extended system outages can put the health and safety of their patients at risk. This makes them prime candidates for ransomware attacks.
What is Ransomware and How Does it Work?
Ransomware is a particularly virulent form of malware that has become a very popular tool used by hackers searching for financial gain. Whereas other forms of malware may be deployed to surreptitiously steal enterprise data without being noticed, ransomware does not make any attempt to be subtle.
A successful ransomware attack encrypts the target system’s hard drives, making it impossible for authorized users to access its data. The victimized organization is notified through locked computer screens that deliver the criminal’s ransom demands. The hackers promise to provide the decryption keys necessary to regain access to data assets when they are paid. Most ransomware attacks require the victims to pay with cryptocurrencies such as Bitcoin or Ethereum.
A ransomware attack poses significant problems for the victimized organization. If they choose to accede to the cybercriminal’s demands, there is no certainty that they will receive the decryption keys after making payment. It is quite possible that they will still not be able to access their data and be out a substantial amount of money. After all, these are criminals behind the ransomware who, by definition, cannot be trusted.
Early ransomware attacks simply encrypted a target’s data sources and demanded payment. Organizations with robust disaster recovery plans and procedures were often able to foil the attackers by restoring the affected systems to a point before they were infected by ransomware. The hackers responded by raising the stakes to make it more likely that they would get paid for a successful attack. Their next move was to start threatening to release the stolen data.
What is Phishing?
A common characteristic of all malware infections is that they need to gain entry to the target systems to effectively launch their attacks. This can be done using a variety of methods to subvert the security meant to protect data resources. Methods such as brute force attempts to compromise passwords and SQL injection are popular techniques used to plant malware on target systems.
Phishing is another method of compromising system security. Phishing is a cybercrime that attempts to lure unsuspecting individuals into providing hackers with sensitive information. This can include items such as personally identifiable information, login IDs, passwords, and financial data. Armed with this information, cybercriminals can take immediate action and steal valuable data or use compromised credentials to gain entry into an organization’s infrastructure where they can search for high-value targets.
A phishing attack is conducted using emails, text messages, or telephone calls that claim to be from a reliable source such as a credit card vendor or a trusted work colleague. The requests made in a phishing email often look like ones that, under normal circumstances, would be legitimate and ask for information necessary to carry out day-to-day business activities. Providing the same details in response to a phishing email can put an individual’s private information and potentially the whole organization at risk.
In many cases, a phishing email or text message does not directly ask for any type of sensitive data. Rather than alerting the recipient with a request for the login ID and password that would give access to an organization’s network, a phishing scam can be infinitely more subtle. The goal is often to catch an individual with their guard down and get them to click on a seemingly innocent link.
The problem is that the link to the dancing cats you thought you were clicking on was really a springboard for malware now infecting your computer. Based on the type of malware in question, the malicious program may try to remain undetected and steal more information by capturing keystrokes as the user logs into business-critical systems. It may also immediately let you know you made a big mistake by shutting down your machine and demanding a ransom payment.
Tips to Defend Data Resources from Phishing Attacks
While the severity of a phishing attack can vary widely, it is always preferable to avoid falling victim to the scam in the first place. Due to the nature of phishing attacks, they can only be effectively addressed by educating users regarding their dangers. After that, it’s up to individuals to exercise the proper degree of caution to thwart the hackers’ plans.
Following are some tips to help prevent phishing attacks from being successful and putting your computing environment at risk.
- Stay informed about evolving phishing techniques. Hackers are constantly developing new nefarious methods of gaining access to enterprise computing resources. Knowing their new approaches can help fend them off.
- Don’t click on links to untrusted sites. If you are uncertain as to a link’s legitimacy, use your web browser and go to the site directly without using the embedded link.
- Use anti-virus software and an anti-phishing toolbar. These tools can help keep malware out of your systems and warn you if you attempt to open a malicious link.
- Be very cautious of pop-up windows, which are often disguised phishing attempts.
- Employ robust firewalls to keep intruders out of your infrastructure.
- Refrain from providing sensitive or personal details over any type of electronic communication unless you can reliably verify the source of the request.
The following red flags may indicate that the message you are looking at could be a phishing lure waiting for you to bite. Things to look for include:
- Messages from unknown senders inside or outside the organization requesting information or presenting an unknown link;
- Emails that are sent to an unusual mix of recipients;
- Hyperlinks that connect to a different website than the one displayed in the message text;
- Subjects that do not match the content of the message;
- Unexpected attachments of potentially dangerous file types;
- Messages that pose as normal communication but are sent at abnormal times.
Phishing attacks can be thwarted if the right level of caution is practiced by all employees regarding the use of electronic communication. Failure to take these risks seriously puts the whole organization and its data assets at risk.
Conclusion
With the proper user education and a secure, HIPAA-compliant hosting environment, phishing attacks can be prevented. The key is for all employees in the healthcare industry to be aware of the dangers of phishing, have the knowledge necessary to identify a potential threat, and always err on the side of caution when skeptical about the legitimacy of requests for sensitive information. If no one takes the bait, the phishing expedition will wind up empty-handed, and enterprise data resources will remain secure.
Contributed by Atlantic.Net, Inc.
Atlantic.Net provides HIPAA-compliant hosting. Our state-of-the-art infrastructure is SOC2, SOC3, HIPAA, and HITECH compliant and housed in secure, climate-controlled facilities with constant monitoring and multiple direct connections to the Internet backbone to ensure availability and data safety.