4 ways hospitals can prevent a ransomware attack

Hospitals are a prime target for hackers, and they can take a few simple steps to help protect their systems from cyberthreats.

Hospitals are a prime target for hackers, but providers can take steps to ensure their systems are better protected against ransomware and other cyber threats.

The federal government has taken steps on the national level to improve cybersecurity, but hospital leaders can also encourage staff to engage in simple behaviors to prevent cyberattacks, wrote Paul H. Keckley, Ph.D., healthcare analyst and author of The Keckley Report, in an article for Hospitals & Health Networks.

RELATED: FBI Director James Comey: Hospitals, bureau must team up to combat healthcare cyberthreats

“A ransomware incident is a possibility in every hospital, clinic and outpatient facility,” Keckley wrote. “Preventing it is a high priority, and, if attacked, managing it quickly and efficiently is an absolute necessity to sustain patient care and protect the reputation of the organization.”

He suggested organizations take steps to protect themselves, such as:

  • Ensure that internet browsers, computer operating systems and applications are updated regularly
  • Use strong, hard-to-guess passwords
  • Don’t open links or attachments that seem suspicious or come from unfamiliar sources
  • Back up important files on a routine basis

RELATED: For hospitals defending against cyberattacks, patch management remains a struggle

In addition, the healthcare industry as a whole can spearhead initiatives, like potential updates to the Health Insurance Portability and Accountability Act (HIPAA), to better protect against cyberthreats, according to an article from Harvard Business Review.

Health systems should also look at investing in cyber insurance, a tactic employed frequently by financial organizations.

Another lesson from the financial sector: Try “tokenization,” which is common with credit card companies. It can protect patient data that is included in a card-based transaction.

“Given that most transactions in the healthcare sector are conducted through vulnerable hardware and software, it’s critical for providers and payers to strengthen their cybersecurity,” according to the article.

A recent report released by the Department of Health and Human Services found that staffing shortages and a lack of resources for providers are key issues that can leave healthcare organizations vulnerable. HHS saw an increase in ransomware attacks in 2016, officials said at a hearing before the House Energy and Commerce Oversight Committee on Thursday about healthcare cybersecurity.

RELATED: HHS task force spells out ‘urgent challenge’ of cybersecurity in healthcare

“These attacks shifted the threat landscape considerably as they no longer threatened just personal information but the ability for healthcare organizations, and thus communities, to provide patient care,” Steve Curren, director of the Division of Resilience in the Office of Emergency Management at HHS’s Office of the Assistant Secretary for Preparedness and Response, said at the hearing.

The healthcare industry is particularly on edge about cybersecurity threats following the “WannaCry” ransomware attack that crippled hospitals around the world.