Protecting Healthcare Facilities from Ransomware in a Post-Pandemic World
Over the weekend, Universal Health Services (UHS), which operates over 400 healthcare facilities, was struck by one of the largest ransomware attacks in the U.S history that left multiple facilities without access to computer and phone systems.
A data breach can bring a healthcare organization to its knees from a financial perspective. According to the University of North Dakota, the healthcare industry lost $25 billion to data breaches in 2019. However, since healthcare facilities are part of society’s critical infrastructure, financial ruin isn’t the only potential outcome of a cyberattack. In addition to threatening a facility’s finances, a ransomware attack can threaten patients’ lives by taking down critical patient records systems and smart medical equipment.
Ransomware Attacks Accelerate Post COVID-19
Many healthcare organizations simply don’t know how to prevent ransomware attacks, but there are steps they can take to harden their cyber defenses, especially password security. Weak or stolen passwords are responsible for over 80% of data breaches, and most ransomware attacks happen after successful brute-force cyberattacks. In these attacks, cybercriminals take lists of weak or previously compromised passwords, then attempt to use them to access healthcare systems. Once inside, they can steal data, plant ransomware, or both.
Hardening password security is simple and inexpensive:
- Require that employees use strong, unique passwords for all accounts.
- Require that employees use multi-factor authentication (2FA) on all accounts that support it.
- Require that employees use a password manager.
- Subscribe to a Dark Web monitoring service. These services scan Dark Web forums and notify organizations in real-time if any of their employee passwords have been compromised, allowing IT administrators to force password resets right away.
Are you interested in learning more on how an MSP could help your organization stay safe? Give us a call at 678-389-6200 or visit mPoweredIT.com.