3 US Hospitals fall victim to ransomware

The BBC reported today that 3 more US hospitals have been hit by ransomware. The Kentucky Methodist Hospital, Chino Valley Medical Center and Desert Valley Hospital, California, were all affected, but their systems are now up and running again. This is another high-profile ransomware incident involving hospitals this year, following attacks on Hollywood Presbyterian Medical Center in California and on both the Lukas Hospital and the Klinikum Hospital in Germany.

David Gibson, VP of Strategy and Market Development at Varonis, provides the following recommendations:

“Hospitals, like all organisations, will struggle to prevent, detect and recover from ransomware. Authors create variants too quickly to expect A/V and signature-based defenses to prevent all infections, and ransomware is difficult to detect because file system activity is rarely logged or analysed. If you don’t have a record of file system activity, ransomware is difficult to recover from because you don’t know which users were (or still are) infected, which files were encrypted, or when.

Here’s what you can do to help yourself:

- Expect to be infected
- Start logging file system access activity and store it for forensics
- Use automation to analyse and alert on unusual file system activity (this successfully detects and stops many ransomware infections in their tracks, as well as many other things that are worse)
- Make sure data stored on workstations is backed up
- Make sure your file servers are backed up
- Increase the frequency of your backups
- Keep your backups longer
- Make sure incident response plans address what you’ll do if you don’t have adequate backups or logging. (For example, if you don’t have a searchable log of activity you’ll probably need to manually inspect your file servers to see what else has been encrypted.)”
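
To illustrate the logging and alerting recommendations above, the following Python example (added here, not code from Varonis or the BBC report) flags any user who writes to many distinct files within a short window and records which files were touched and when. The log format, the 60-second window and the threshold of 5 files are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log: timestamp,user,operation,path (format is an assumption).
SAMPLE_LOG = """\
2024-01-15T09:00:05,alice,MODIFY,/share/hr/policy.docx
2024-01-15T09:14:40,alice,MODIFY,/share/hr/rota.xlsx
2024-01-15T09:15:00,alice,READ,/share/hr/policy.docx
2024-01-15T10:02:00,bob,MODIFY,/share/lab/r1.pdf
2024-01-15T10:02:02,bob,RENAME,/share/lab/r1.pdf.locked
2024-01-15T10:02:04,bob,MODIFY,/share/lab/r2.pdf
2024-01-15T10:02:06,bob,RENAME,/share/lab/r2.pdf.locked
2024-01-15T10:02:08,bob,MODIFY,/share/lab/r3.pdf
2024-01-15T10:02:10,bob,RENAME,/share/lab/r3.pdf.locked
"""

WRITE_OPS = {"MODIFY", "RENAME", "DELETE"}  # operations that change file content or names

def parse(log_text):
    """Turn log lines into time-ordered (datetime, user, op, path) tuples."""
    events = []
    for line in log_text.splitlines():
        if line.strip():
            ts, user, op, path = line.strip().split(",", 3)
            events.append((datetime.fromisoformat(ts), user, op, path))
    return sorted(events)

def find_bursts(events, window=timedelta(seconds=60), threshold=5):
    """Return {user: {"first_alert": datetime, "files": [paths]}} for each user
    whose write operations touch at least `threshold` distinct files in `window`."""
    recent = defaultdict(deque)  # user -> (time, path) pairs still inside the window
    alerts = {}
    for ts, user, op, path in events:
        if op not in WRITE_OPS:
            continue
        q = recent[user]
        q.append((ts, path))
        while ts - q[0][0] > window:  # drop writes older than the window
            q.popleft()
        if user in alerts:
            # After the alert, keep listing every file the user writes, for recovery scoping.
            if path not in alerts[user]["files"]:
                alerts[user]["files"].append(path)
        elif len({p for _, p in q}) >= threshold:
            files = list(dict.fromkeys(p for _, p in q))  # distinct paths, in order
            alerts[user] = {"first_alert": ts, "files": files}
    return alerts

if __name__ == "__main__":
    for user, info in find_bursts(parse(SAMPLE_LOG)).items():
        print(user, info["first_alert"].isoformat(), len(info["files"]), "files to review")
```

The result answers the three recovery questions from the quote: which user, which files, and from what time. Thresholds need tuning against normal activity, since bulk copies and backup jobs also write many files quickly.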