Due to prevalent Ransomware attacks targeting hospitals around this state, I have been directed to find long term solution(s) to such malice.
I will highlight with the aid of a chart four steps that will help us curb this menace.
Kindly see to it that the steps are followed to the letter.
Step 1 – Authorization
Create a standard back-up process for the data. This backup should be made recurrent.
Copies of these backups should be stored offline to guarantee that the malware has no access to them.( Ioanid, et al (2017, September).
The hospital should maintain a” gold image” of system configurations, that is, a configuration that allows the hospital to reset systems to the pre-attack state.
Staff responsible for maintaining all of the computers’ operating systems, applications, software, browsers and plug-ins , firmware and anti-virus software should ensure they are up-to-date with the latest patches.Before applying the patches, professionals from the IT department must thoroughly test them, along with the rest of the technical and application infrastructure so as to ensure the hospital’s firewall is properly configured by requiring passwords on Remote Desktop Protocol(RDP) ports( Ioanid, et al 2017, September).
Categorize IT assets e.g. desktops, servers , routers ,data, and personnel into groups and restrict access to these groups using entry and exit traffic filtering. Also, at the local device level, the hospital should consider disabling USB( Universal Serial Bus) ports to prevent malicious software delivery.( Hassan et al,2019).
The hospital should also develop a “whitelist” of specified programs that are allowed to run, while blocking all others in order to prevent malicious executanles from running.
Restrict the ability of users to “write” which is to create and delete files on shared drives of departmental or group shares.
Review of the hospital’s wide e-mails to ensure they conform to the criteria of legitimacy
IT profeddiond must help create messages that users can easily identify them as legitimate e-mails. All email and website links should display the complete interest address(URL) to build trust.( Hassan et al,2019).
Conducting phishing attacks by send fake (but safe) e-mails or links to websites that appear to be from legitimate sources.
IT department personnel should configure their virus protection software to scan all software downloaded from the internet prior to allowing users to perform it. (Sittig, et al ,2016)
Step 3- Roles
Develop a network and user activity monierinfg system that conducts surveillance for suspicious activities
Once the threat is contained, the IT department will contact the hospital’s insurance 9
(Sittig, et al, 2016)
In coclusion,with the recent swift adoption of EHRs, the treat of ransonware in hospitals has been rampant. Sending a simple email mess age to all staff reminding them not to ckicvk on suspicious links or attachements is no longer suffient in preventing the threat of cyber attacks in this cuirrent environment.
Sittig, D. F., & Singh, H. (2016). A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks. Applied clinical informatics, 7(02), 624-632.
Hassan, N. A. (2019). Ransomware revealed: a beginner’s guide to protecting and recovering from ransomware attacks. Apress.
Ioanid, A., Scarlat, C., & Militaru, G. (2017, September). The effect of cybercrime on Romanian SMEs in the context of wannacry ransomware attacks. In European Conference on Innovation and Entrepreneurship (pp. 307-313). Academic Conferences International Limited.