With the WannaCry attack still fresh in everybody’s mind, it’s prudent to ask: Does my health IT vendor take great pains to ensure the protection of my trusted data?


Your vendor can prove that they take their custodian role very seriously by incorporating a multi-faceted approach of prevention and reaction. Both of these facets incorporate social and technological protection.

Prevention

The first step to preventing ransomware is thwarting the initial attack. Your vendor should approach this from both a technological and a social attack vector. From a technology side, they should:

  • Utilise industry leading anti-virus software and VPN technology to ensure that your endpoints are safe
  • Ensure security patches are done in a timely manner, across all systems, endpoints, and servers
  • Continuously monitor their networks for any indication of malicious activity
  • Conduct product and system penetration tests and code reviews, ensuring that there are no exposed vulnerabilities that could be exploited

Social Engineering

The primary WannaCry attack vector was executed through a phishing campaign. Once inside an organisation’s network, the ransomware spread through a vulnerability in Microsoft’s SMB protocol. To prevent social engineering attacks such as phishing campaigns, targeted attacks, etc., your vendor should:

  • Require all employees to take annual training classes that provide phishing awareness and education on security and compliance
  • Conduct random internal phishing campaigns for training and awareness purposes. These campaigns will indicate whether your vendor’s vulnerability to a phishing campaign is near the industry average or, preferably, below
  • Conduct annual developer security training to help ensure their product and environment code is secure

Reaction

Should your vendor be successfully attacked by a malicious party, the organisation should have several implemented controls, covering both technology and processes, that will help minimise and mitigate the potential damage.

Technology

Your vendor should utilise best-in-class technology and security architecture to minimise the potential damage, including:

  • Segregated networks that minimise the blast radius of any malicious activity
  • Daily, encrypted, secure backups of the system that ensure rapid restore capabilities of data and systems

Process

Ask your vendor if they’ve created a set of processes that would guide them through the management of a successful attack on their systems. These include:

  • A global crisis management system that guides the communication, activities, and remediation efforts on a worldwide basis. Ideally, this system should be annually exercised and refined to ensure its efficacy and viability
  • An annually exercised business continuity and disaster recovery system that ensures the vendor’s data backup and processes are working efficiently

Though a ransomware event is never pleasant, your vendor should have significant preventative, as well as reactive, technology and processes in place to minimise, or completely thwart, an attack. With this understanding, you and your vendor’s other clients will be able to relax during the next attack, knowing that your data is as safe and secure as possible.

Join Gerard Scheitlin for his June 15 webinar, “Preventing and Dealing with Ransomware Attacks.” Learn more and register now!