CSA’s (Cloud Security Alliance) Health Information Management Working Group recently released guidance on preventing ransomware in the healthcare cloud. And while specifically written for healthcare delivery organizations, anyone can learn from the comprehensive mitigation techniques. Understanding how to safeguard data in the cloud is especially important for covered entities who must keep patients’ protected health information (PHI) safe at all times under HIPAA guidelines, including when sending HIPAA compliant email. Cloud technology use increased rapidly in 2021, as did cyberattacks. Both surges demonstrate the importance of cloud security and data protection.
What is ransomware?
Ransomware is malware (or malicious software) used to deny a victim access to a system until a ransom is paid. Victims typically download malware through phishing emails that include malicious attachments or fraudulent links. Moreover, threat actors typically exploit human error using social engineering. Once a victim opens or clicks on the malware, hackers can gain access to a system and/or network. A breach is frustrating, and the costs (and problems) that develop after a ransomware attack can be detrimental. Costs include unrecoverable data, upset patients, shutdown services, HIPAA violations, and of course, the ransom payment.
The growth in ransomware attacks over the past two years, described by some as a ransomware epidemic, has even led to the formation of a federal task force. Such responses help organizations avoid ransomware by practicing good cyber hygiene. The latest release from CSA focuses on the cloud.
The cloud, healthcare, and ransomware
According to Microsoft, cloud computing is “the delivery of computing services—including servers, storage, databases, network, software, analytics, and intelligence—over the internet (‘the cloud’).” For healthcare, the cloud offers faster and more flexible communication with patients and other caregivers for better patient engagement.
Healthcare typically lags when it comes to the implementation of meaningful technology but is leading the way in cloud adoption. However, with this (and the implications of HIPAA and PHI) comes the need for improved cybersecurity. And as more and more healthcare organizations use the cloud, more cyberattacks occur. People generally believe that the cloud is less vulnerable than private data centers, but ransomware can affect both cloud organizations and users.
For example, if ransomware gets into a system during the cloud synchronization process, the malware could propagate throughout the cloud. Moreover, cloud apps are the most common way attackers distribute malware to a device and its connected networks. Netskope’s most recent Cloud and Threat Report states that malware delivered over the cloud increased by 68% in the second quarter of 2021. However, personal app usage, along with most cloud apps and third-party plugins, is unmanaged and unsecured.
CSA guidance: prevention as defense
Cloud usage can only be safe as long as cybersecurity is configured to protect and prevent. Netskope’s Cloud and Threat Report, however, establishes that organizations and their employees are not managing IT security properly when it comes to the cloud. CSA released its most recent guidance to coincide with the NIST (National Institute of Standards and Technology) Cybersecurity Framework, which focuses on five cybersecurity cornerstones: identify, protect, detect, respond, and recover.
CSA recommends that healthcare organizations identify and classify all IT to find the best mix of cybersecurity methods. Detection techniques include endpoint protection and email security. Network segmentation ensures the separation of sensitive information while strong policies on device (business or personal) use keep well-used threat vectors secured. Then, if ransomware triggers the defenses, organizations must have a quick response: isolate the affected accounts/system, identify the source, and notify appropriate individuals. Ultimately, recovery depends on everything that came before it and could be difficult if an organization ignores a step.
In short, an organization’s response to a ransomware attack determines how costly such an intrusion can become. This is why such releases as CSA’s most recent guidance are important to understand and follow. Healthcare technological advances are great for improved patient care but only when accompanied by a strong cybersecurity program.