What is happening with ransomware in healthcare?

In June, Health Data Management hosted a meeting of information security experts to discuss ransomware and how to handle it. They agreed that many entities are likely to be affected by it. It’s a big and growing problem. Paying the ransom only gives criminals more money to improve their ransomware.

Daniel Sergile, Director of Security Operations at CIOX Health, said: “But it also highlights another problem: Enterprises don’t do a good job with their backup and recovery. If you were doing monthly and daily intermittent backups, you wouldn’t have to pay a $17,000 ransom. It would literally take a snapshot, lose a day’s worth of data, and probably cost less than $17,000. It goes back to the basics of information security: Do employees have administrative rights? all over the Are those rights too high, allowing them to modify their systems? And at the system level, are we investing in the latest and greatest versions of antivirus and employee scanning tools? If we go back to basics and do what needs to be done, not to the point where it cripples the business, but secures it, then I think you would see a lot less people paying that ransom.”

John Mertz, vice president and CIO of South Nassau Communities Hospital, noted that if backups are offsite, getting and restoring them will take too long.

In good hosting facilities, SQL backups are done every 15 minutes. Full backups are performed daily. These backups are first made on the same physical server on a different disk array from the live database and then copied to a separate physical server, thus being stored twice. Backups are kept on site, so in the event of ransomware, data can be quickly restored.

If you host your own software and database, Steve Dryer, administrator of a hosting facility, advises you to do the following:

1. Make sure you are actually backing up.

2. Be sure to back up what you need.

3. Make sure your backups are good and readable.

4. Make sure you can and know how to restore your system to a fully working state if necessary.
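A minimal check for items 1 to 3 and for the 15-minute and daily schedule described above, as an added example that is not from the article or from Steve Dryer. The `*.log.bak` / `*.full.bak` file naming and the two directories standing in for the two backup servers are assumptions.

```python
import hashlib, os, tempfile, time
from pathlib import Path

# Maximum acceptable age in seconds, from the schedule described in the article.
MAX_AGE = {"log": 15 * 60, "full": 24 * 3600}

def sha256(path):
    """Hash the whole file; reading every byte also proves the file is readable."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check_backups(primary, secondary, kind, now=None):
    """Return a list of problems with the newest backup of this kind (empty = OK)."""
    now = time.time() if now is None else now
    # Assumed naming convention: <database>.<kind>.bak
    files = sorted(Path(primary).glob(f"*.{kind}.bak"), key=lambda p: p.stat().st_mtime)
    if not files:
        return [f"no {kind} backups in {primary}"]      # item 1: are we backing up at all?
    newest, problems = files[-1], []
    age = now - newest.stat().st_mtime
    if age > MAX_AGE[kind]:
        problems.append(f"{newest.name}: stale ({int(age)}s old)")
    if newest.stat().st_size == 0:
        problems.append(f"{newest.name}: empty file")   # item 3: good and readable
    copy = Path(secondary) / newest.name
    if not copy.is_file():
        problems.append(f"{newest.name}: missing from second copy")
    elif sha256(copy) != sha256(newest):
        problems.append(f"{newest.name}: copies differ")
    return problems

def demo():
    """Constructed sample: two temp directories play the two backup locations."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        now = time.time()
        for d in (a, b):
            (Path(d) / "db1.full.bak").write_bytes(b"constructed full backup")
        (Path(a) / "db1.log.bak").write_bytes(b"constructed log backup")
        (Path(b) / "db1.log.bak").write_bytes(b"truncated")   # damaged second copy
        old = now - 3600                                      # an hour old: misses the 15-minute window
        os.utime(Path(a) / "db1.log.bak", (old, old))
        return check_backups(a, b, "full", now), check_backups(a, b, "log", now)

if __name__ == "__main__":
    print(demo())
```

A clean result only shows that the newest file is recent, non-empty, readable and identical in both places. Item 4 still requires an actual test restore.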

Regardless of where your data and software reside, he says you shouldn’t rely on backup alone. Have other security in place that monitors and alerts you if a problem occurs.

Keep everything up to date and patched. By that he means:

1. Operating system on PCs

2. Operating system on the server

3. PC and server main board BIOS

4. PC and server drivers

5. PC and server controller drivers and BIOS and RAID card drivers.

6. All PC and server firmware

7. All firmware for network equipment, including switches, routers, firewalls, access points, and WiFi equipment

8. All antivirus protection (and of course make sure it’s running).

He goes on to point out that anything that is deprecated and no longer supported, and therefore no longer updated, SHOULD NOT be used. That means Windows XP, Microsoft Office 2003, and other software and hardware that is no longer supported must be replaced.

You must restrict employee access to only those Internet sites necessary for the business. Do not allow employees to connect their cell phones or other mobile devices to your practice’s WiFi.

What if a user receives a ransomware message? María Suárez, director of information security at Hackensack University Medical Center, said that if users ever see a ransomware message, they should disconnect from the network but not turn off their computer.
