Ransomware: Healthcare Organizations Cannot Afford to Be Unprepared

I had just typed the last word of a new ISACA publication on governance of enterprise information technology for healthcare environments when today’s news on the National Health Service (NHS) ransomware attack broke.

As we now know (as of the time of this writing):
•  At least 16 UK National Health Service (NHS) trusts are affected, as well as unspecified other UK government departments and agencies
•  The malware used has been identified as “Wanna Decryptor,” which is preventable by some forms of anti-malware.
•  The action of the malware is to encrypt desktop-based files and position a ransomware message on the desktop and as a readme file.

The interruption of basic services such as email and network-dependent telephony (VOIP) can be devastating in healthcare environments. Targeted healthcare providers are particularly vulnerable to ransomware attacks. This is especially concerning, because according to ISACA’s global State of Cyber Security 2017 study, just half (53 percent) of organizations have a process in place to deal with ransomware attacks.

Most cyber attacks rely on basic deficits, such as not locking out administrative access, running unpatched operating systems or running ineffective anti-malware products.

My takeaway is this:

• Organizations cannot afford to be out of touch with basic cybersecurity requirements. It is reported that many of the impacted systems were running operating systems that were no longer supported by their manufacturer, but were still connected to networks and managing email with no compensating controls.
• Underinvestment in basic cybersecurity is a massive false economy. There is a danger that if budgets are looked at in silos, it can appear cheaper to leave vulnerable technologies in place without considering the huge cost impact of the operational interruption.
• Some newer forms of anti-malware are now over 99 percent effective. Newer forms of anti-malware, some of which can also run on top of or alongside older anti-virus solutions, can now identify and block over 99 percent of malware, including polymorphic forms they have never seen. They do this by using a basic form of artificial intelligence and machine learning. They can even be configured to completely block power shell scripts for desktop environments.

As I finish this post, the news is still breaking, and the impact of this cyberattack appears to be targeting a much larger number of international organizations.

If you are not getting the traction you need for investment in basic cyber security measures, please use this as a valuable moment in time to give your management a wake-up call.

Raef Meeuwisse, CISM, CISA, Author, Cyber Security

[ISACA Now Blog]