Security pro talks ransomware, blockchain potential

News of ransomware attacks has hit the headlines repeatedly over the past several weeks—a trend most likely to continue, according to Chris Ensey, COO of Dunbar Security Solutions.

Ensey spoke with Clinical Innovation + Technology about the rash of cyberattacks on healthcare providers, what’s driving them and what providers can do to guard against them.

CIT: Why is ransomware the mode of attack these days?

CE: We’ve seen the evolution of ransomware in general but we’ve seen it really spark in the marketplace in the last three or four years. Attacks initially were random—it seemed like they affected anybody caught in the net of large email campaigns that had this type of attack embedded in them. Now we’re starting to see this as organized crime groups trying to make hard money on this type of cyberattack and having to become more targeted on certain industries and groups.

CIT: Are ransomware attacks changing in nature?

CE: There is a marked difference in the approach they’re taking. They started with basically sending out email phishing. They were not that well put together. Then they moved to other routes to get ransomware onto the systems of users using things like the advertising campaigns you’d see on normal websites, leveraging networks to distribute malicious content.

With healthcare, we’re finding and the FBI is releasing some intelligence to the security community, attacks are targeting specific applications that are used in management—the backends of hospitals. It’s interesting because they still have to get through some basic level detection and then exploiting known vulnerabilities so it’s very hard to remove it. It has the ability to persist longer. Once it grabs hold, it encrypts data and they start the ransom process.

CIT: How do you recommend organizations respond to these attacks?

CE: It’s really about how prepared you can make yourself before it happens. If I were an executive at a healthcare organization, my first thought would be how to better prepare my organization to avoid this happening. The first steps are broadly educating staff about what to look for and talking to the IT department about a backup strategy. Ask questions like whether you have the ability to roll back to the backup process if there is an event and have you tested the process.

If you do have a similar attack occur, do you have the same vulnerabilities? Are the software products you manage your hospital with vulnerable to these attacks? Asking questions and having answers very quickly is absolutely critical at this stage.

CIT: How do you see this playing out over the next several months?

CE: We are absolutely in a position where more and more of these attacks will hit the news over the next several months. The security industry is gaining more awareness and understanding of attack patterns and healthcare organizations are starting to recognize this is a problem. So, that will have the effect of curtailing the impact but I don’t doubt there will be more examples of this over the coming months.

CIT: Do you think the attacks will change in a significant way?

CE: We will see this specific approach run its course until it becomes hard enough to find new targets. In this cat-and-mouse game between the good guys—the IT security departments that reside within large healthcare organizations—and the adversary. We’re trying to keep pace with them or stay one step ahead. What’s working today they will ride until it stops working and then they’ll try something else. It’s always a battle to see who can stay one step ahead but it’s not going to change anytime soon in my opinion.

Anyone out there reading this who doesn’t feel they have the appropriate resources in-house should consider engaging an outside firm that specializes in cybersecurity to help identify gaps.

CIT: How can providers avoid these attacks?

CE: The key here is limiting the exposure through the vulnerabilities that live inside these apps—the systems and tools put in place 5-10 years ago. They can’t just be installed and live forever. They have to be maintained. Security patches need to be applied. That’s a big, big thing that every organization should be looking at. Make your organization aware of how these attacks start which is through an email or some other communication through an unknown source. That’s the starting point for a much broader attempt at extorting that provider. Get that information out to your users and let them know what to look out for. Tell them to raise the red flag immediately and be on high alert. That will help immensely in terms of limiting exposure.

CIT: How might blockchain technology help healthcare providers ward off cyberattacks?

CE: That’s something new and I think a very exciting platform for all kinds of different applications but you can’t just go and buy it today—it’s not at that stage.

The basic premise is that the way the blockchain functions is as a global general ledger. In that ledger, as an end-user, you can submit an update to the general ledger. The update could be from one account to another and then the record in the general ledger is updated. To do that, you need consensus from the entire community that supports that blockchain. It’s based on cryptography as the major engine to make it go.

The ledger of that transaction is stored in a distributed system. We’re a long way away from understanding the full privacy and security challenges that are going to emerge. I think you can envision a world where a transactional historical global archive of all of a state’s healthcare records or a health system’s records can be distributed amongst all partners and players involved, and have a distant source of information there that can be tapped into.

CIT: Any more advice to offer our readers?

CE: The heightening of this for most organizations is never good if something hits them all of a sudden but those yet to be impacted are asking important questions—do we have the right coverage, can we stop these attacks. It’s starting a lot of discussions. We specialize in directly monitoring the applications that live on the network. Identifying an issue before it becomes a widespread problem is key. It’s a big advantage for firms trying to prepare themselves.

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.
