It sounded so promising. Well-known cybercrime gangs announced they wouldn’t attack healthcare organizations during the COVID-19 pandemic. Sadly, criminals rarely keep their word, and the recent ransomware attack on Magellan Health, a Fortune 500 company, drives that fact home.
It took five days for Magellan to discover that the hackers had gained access through a social engineering phishing scheme. Magellan has yet to release the number of records that were taken, but the data includes names, contact information, employee ID numbers, and social security or tax ID numbers. The hackers even stole login credentials and passwords for a number of Magellan employees.
If a large enterprise like Magellan can be breached, it can happen to any healthcare organization. That’s why you need to tighten your protections today while ensuring you can restore your data if a ransomware attack is somehow successful. Here’s where to start:
Train Everyone on Your Team
The individual at Magellan who accidentally downloaded ransomware most likely didn’t see a problem. The email impersonated a known client and probably looked legitimate.
So, how can you teach your people to be sure an email is legitimate—and not socially engineered—before clicking? Mandatory online training for your team is a critical step in helping them identify malicious content in seemingly innocent emails. That’s especially important now that so many people are working from home, even in healthcare.
Here are some other areas to focus on:
Show and Tell
- Share real-world phishing scam examples and stories like that of the Magellan attack to help your employees understand what a falsified email might look like, who it might come from, and what kind of information it might ask for.
- Keep cybersecurity tips front and center to help employees avoid being tricked into downloading malware or ransomware. Stress that social engineers have become very sophisticated. They often disguise themselves with fake identities that replicate trusted sources. Vigilance and awareness are among your most important defenses.
Tighten Your Policies and Teach the Rules
- Tighten your email, online, and social media policies, because malware can enter your organization through avenues other than email. Make sure your team understands how to identify links that are OK to click on and those that aren’t.
- Outline the rules for internet browsing and social media usage on your organization’s devices, and for using company email addresses. Make sure these rules are updated regularly and reviewed by your team members consistently.
- Include training that explains your team’s regulatory and legal obligations for data protection and your organization’s policies on data security.
Train Consistently and Test Regularly
- Update and repeat your training on a regular basis and include policy training.
- Require certified course completion for new hires and regular refresher courses for your entire team.
- Test your team regularly to see if they’re adhering to your policies and can recognize malicious emails and links. There are several great tools for this purpose including KnowBe4 and Sitelock.
- Make sure you’re using effective data protection and antivirus/antimalware software that stops malicious emails whenever possible and alerts users to take care before handling an email from an unknown source.
Review Your Data Protection and Recovery Plan
Healthcare organizations must ensure they are protecting sensitive and private information. Read more about specific HIPAA-compliant practices for securely backing up healthcare data to the cloud in our recent blog post.
Because there’s no way to be certain that an attack won’t be successful, a solid cybersecurity training and testing program only keeps you partially safe from ransomware. Of equal importance is making sure your backup and disaster recovery plan is up to date. You’ll find a checklist for IT disaster recovery here on our blog.
Finally, make sure you can get your organization back up and running quickly by implementing a disaster recovery solution that lets you get all of your data—including structured and unstructured data, applications, and operating systems—back online following a disaster. This ensures that you can always meet the needs of your healthcare customers and their patients without missing a beat.