How Healthcare Organizations Can Defend Against Ransomware

There’s no denying it - the need for stronger cyber defense is urgent. More ransomware attacks targeted healthcare in 2022 than any other critical infrastructure sector, according to the FBI’s Internet Crime Complaint Center (IC3). With attacks on healthcare negatively impacting patient care – including increased mortality rates - healthcare organizations must adopt proactive approaches to better protect its patients and sensitive information. 

In the spring, the Multi-State Information Sharing and Analysis Center (MS-ISAC) released new guidelines aimed to support healthcare organizations stack up against cyber-attacks. Developed through collaboration between the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the National Security Agency (NSA), the counsel includes best practices for prevention and response to the six most-common vectors for ransomware – internet-facing vulnerabilities and misconfigurations, compromised credentials, phishing, precursor malware infection, advanced forms of social engineering, and third parties and managed service providers. 

The guidance provides healthcare organizations and hospitals with a helpful starting point, offering a plan for implementing essential security steps. However, there are gaps where more can be done to better protect against ransomware.  

For starters, phishing accounted for up to 60% of the attacks on the healthcare sector in the first quarter of 2023, according to DNSFilter’s State of Internet Security Report. Even more unnerving? Research shows that healthcare employees are twice as likely to click on phishing links as employees in other sectors.  

It’s time for the healthcare industry to take action – with a proactive approach to ransomware protection.

The full piece was published on HIT Consultant.