Ransomware: 5 prevention strategies for healthcare organizations

With reports this week that Hollywood Presbyterian Medical Center in California was forced to pay a ransom of approximately $17,000 to hackers who infiltrated the hospital’s computer systems, concerns over ransomware—and how to prevent similar attacks on other healthcare organizations—continue to grow within the healthcare community.

Security companies such as Data Breach Today and Trend Micro agree that protection begins with prevention and preparation. Below are five tips that healthcare companies can use to stay ahead of the hackers and protect their electronic data from ransomware.

  • Educate employees. The majority of ransomware attacks start with a socially engineered email to employees containing harmful attachments or embedded links and entice the user to open or click based on compelling language within the email. Educating employees to avoid opening suspicious messages will help ward off potential attacks.
  • Use robust and regular data backup strategies. Organizations who perform regular backups and can rapidly restore systems will be able to recover from attacks more quickly. One of the best ways for healthcare organizations to battle ransomware that locks down servers or other systems is to maintain offsite backups.
  • Employ sufficient anti-malware tools. Ransomware is a form of malware, and thus can be blocked on PCs by any anti-virus or anti-malware engine that correctly signature-matches the malicious code. With no protection in place, an infected PC may already have played host to malware designed to steal financial details, launch distributed denial-of-service attacks or relay spam by the time it is detected.
  • Protect and monitor your servers. A growing number of ransomware attacks target network servers. Network-based security solutions like IDS/IPS, firewall and breach detection systems can identify inbound/outbound command and control communications, which are a key component ransomware threats.
  • Regularly review policies and safeguards. As the scale and sophistication of ransomware and other security threats grow, so must organizational efforts to prevent attacks before they occur. Updating preventive measures and reviewing potential weak spots such as shared-drive policies and access authentication mean less reliance on law enforcement to take down criminal operations or the “integrity” of hackers to restore data after a ransom is reluctantly paid.

While no one can predict if their organization will be affected by ransomware or another sophisticated form of cyberattack, employing a defensive enterprise-wide strategy can help stop hackers before they strike.

John Hocter,

Digital Editor

With nearly a decade of experience in print and digital publishing, John serves as Content Marketing Manager. His professional skill set includes feature writing, content marketing and social media strategy. A graduate of The Ohio State University, John enjoys spending time with his wife and daughter, along with a number of surprisingly mischievous indoor cacti.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.