Tuesday, 17 July 2018
Peter Groucutt, Managing Director, Databarracks
Mitigating ransomware in the healthcare sector

The healthcare sector is now a prime target for cyber criminals who are keen to capitalise on its need to run an always-on operation. Malware infections are the biggest information security concern amongst healthcare providers, as revealed by KPMG.


A recent Freedom of Information (FoI) request revealed that 88 NHS trusts out of 260 across England, Scotland and Wales were the victim of ransomware in just an 18-month period, even before the WannaCry attack in May.


Although outright prevention of ransomware is impossible, there are simple and essential steps organisations can take to reduce the risk and impact of attacks.


Remain up to date

Keeping up to date with the latest developments in cyber security is the most important place to start. In the case of WannaCry, Microsoft released a patch in March that addressed the vulnerability. Simply being up to date would have prevented the spread of the ransomware.


It’s also important to keep your antivirus software up to date. Antivirus software makers constantly release updates to cover new threats. It is very hard to protect against emergent threats during the window when they are in the wild but AV software has not yet been updated, but these make up a small portion of all threats. Again, keeping up to date is the best protection. Failing to do this will leave you exposed as a vulnerable target for cyber criminals.


Communicate risks and educate staff

Communicate security risks clearly. Have clear policies in place for risk management, and make sure your team understands the recommended procedures to follow in the case of a breach. This applies to all organisations, whether it’s a general hospital or a small practice. It only takes one infected email to be opened for the whole operation to be affected.


Regular cyber security training is essential and should be rolled out throughout every level of the organisation. If employees are able to recognise a suspicious email as a threat, the whole security incident can be avoided.


Planning and testing

We usually recommend that organisations plan for impacts and test for scenarios. Impact-based planning works on the assumption that even though there are an infinite number of possible disasters, the number of potential consequences at operational level is much smaller. With scenario-based planning, users are asked to anticipate the implications of a disastrous event and then create a solution ahead of time.


Having said that, there are certain threats that do necessitate having a specific response plan in place, and ransomware is an example of this. Evidence highlights that the healthcare sector is a prime target for ransomware attacks, therefore full-scale DR testing should be carried out where possible.


Where this isn’t possible, organisations should run exercises such as a tabletop test as a minimum. This involves organisations responding to a simulated disruption by walking through their recovery plans and outlining their responses and actions. In a hospital, the welfare of patients makes this process even more critical, therefore plans should be regularly reviewed, updated and tested. This ensures that in the event of an incident, plans can be executed as effectively as possible with minimum impact to everyone concerned.


Make a ransomware attack the focus of your next test. This will enable you to see how your team would cope and will help you to create a step-by-step runbook of how to deal with an attack in the future.



If you are hit with a ransomware attack, you essentially have two options. You can either recover the information from a previous backup or pay the ransom. However, even if you pay the ransom, there is no guarantee that you will actually get your data back, so the only way to stay fully protected is to have historic copies of your data.


When recovering from ransomware your two aims are to minimise the amount of data loss and to minimise the amount of IT downtime. However, traditional disaster recovery services aren’t optimised for cyber threats. Replication software immediately copies the ransomware from production IT systems to the offsite replica. Recovering from ransomware demands reverting to a clean historic version of your data (from before the infection occurred) which usually means restoring from backups.
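As an added illustration (not code from the article, nor Databarracks' tooling), the Python simulation below shows the point above: a synchronous replica mirrors the encrypted files the moment they change, the next scheduled backup captures the encrypted state too, and the usable restore point has to be chosen from the earlier, clean snapshots. The patient-record contents, the timeline, the `.locked` rename and the byte-entropy heuristic are all constructed assumptions for the demonstration; real ransomware families leave different markers.

```python
"""Constructed demonstration: replication inherits ransomware damage,
point-in-time backups let you revert to a clean copy."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import math
import os

# Constructed sample "production" data: a tiny patient record store.
PRODUCTION = {
    "records/patient-0001.txt": b"Name: A. Example\nDOB: 1970-01-01\nNotes: routine check-up\n",
    "records/patient-0002.txt": b"Name: B. Example\nDOB: 1985-06-15\nNotes: follow-up in 6 months\n",
}


@dataclass
class Snapshot:
    taken_at: datetime
    files: dict  # path -> bytes, frozen copy of production at taken_at


def replicate(production):
    """Synchronous replication: the replica is always an exact mirror,
    so whatever ransomware wrote to production is copied offsite at once."""
    return dict(production)


def take_backup(production, when):
    """Point-in-time backup: a frozen copy that later changes cannot alter."""
    return Snapshot(when, {p: bytes(c) for p, c in production.items()})


def shannon_entropy(data):
    """Bits per byte; plain text sits around 4-5, ciphertext near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(files, marker=".locked", entropy_threshold=6.5):
    """Heuristic restore-point check (assumed marker and threshold):
    ransomware typically renames files and leaves near-random ciphertext."""
    return any(p.endswith(marker) or shannon_entropy(c) > entropy_threshold
               for p, c in files.items())


def simulate_ransomware(production):
    """Constructed attack effect: overwrite each file with random bytes
    and append the assumed '.locked' marker to its name."""
    return {p + ".locked": os.urandom(max(len(c), 512)) for p, c in production.items()}


def choose_restore_point(snapshots):
    """Return the newest snapshot that shows no signs of encryption, or None."""
    for snap in sorted(snapshots, key=lambda s: s.taken_at, reverse=True):
        if not looks_encrypted(snap.files):
            return snap
    return None


def run_demo():
    """Walk a constructed timeline: three clean nightly backups, an
    infection mid-day, then replication and one more backup after it."""
    t0 = datetime(2018, 7, 10, 2, 0)  # constructed 02:00 backup window
    production = dict(PRODUCTION)
    snapshots = [take_backup(production, t0 + timedelta(days=d)) for d in range(3)]

    infected_at = t0 + timedelta(days=2, hours=12)
    production = simulate_ransomware(production)
    replica = replicate(production)                       # mirror is now encrypted
    snapshots.append(take_backup(production, t0 + timedelta(days=3)))  # so is the next backup

    clean = choose_restore_point(snapshots)
    return {
        "replica_infected": looks_encrypted(replica),
        "newest_backup_infected": looks_encrypted(snapshots[-1].files),
        "restore_point": clean.taken_at,
        "data_loss_window_hours": (infected_at - clean.taken_at).total_seconds() / 3600,
        "restored_matches_original": clean.files == PRODUCTION,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The data-loss window in the result is the gap between the last clean snapshot and the infection; shortening it means taking backups more often, while the restore time the next paragraph discusses depends on how fast those snapshots can be brought back online.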


The problem with restoring from your backups is the length of time it takes, a particular challenge for hospitals that hold vast patient healthcare records. Restoring every file from a large document management system can take hours, or even days, so you’d have to contend with significant downtime for the recovery process too. By partnering with a recovery specialist, healthcare organisations can significantly shorten this process, which will ultimately ensure a faster recovery and greater peace of mind.


About Dean Alvarez

Dean is Features Editor at IT Security Guru. Aside from cyber security and all things tech, Dean's interests include wine tasting, roller blading and playing the oboe in his Christian rock band, Noughts & Crosses.

You can reach Dean via email - dean@itsecurityguru.org