Cloud Security Alliance Releases New Guidance For Healthcare Delivery Organizations That Provides Measurable Approach To Detecting And Defending Against Ransomware Attacks
With 560 ransomware attacks on healthcare providers in 2020, HDOs must architect their cloud for failure to better protect patient data
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, released Ransomware in the Healthcare Cloud, new guidance from the CSA Health Information Management Working Group. The document explains how cybercriminals use ransomware to attack both the healthcare delivery organization (HDO) and the cloud service provider, and offers security practitioners strategies for detecting ransomware and protecting an HDO’s data.
Recommended AI News: Cynamics raises $7 million to bring AI-driven Network Detection and Response to North America
“When one considers that 2020 saw a 715-percent year-over-year increase in ransomware attacks and the devastating effects and cost ransomware leaves in its wake, it’s no wonder HDOs are under significant strain to prevent these attacks. Ransomware can significantly impact an HDO’s operation, patient safety, and reputation and cause a complete shutdown, putting patients at risk. This makes it imperative that they do all they can to secure their data regardless of where it’s housed,” said Dr. Jim Angle, the paper’s author and co-chair of the Health Information Management Working Group.
Presented in accordance with the National Institute of Standards and Technology (NIST) Cybersecurity Framework’s structure of identify, protect, detect, respond, and recover, the guidance takes a structured, measurable approach to defending against ransomware and details the processes HDOs should be taking to lessen the chance of a successful attack. The document, in addition to reviewing the seven stages of a ransomware attack and common social and physical engineering attack vectors, points readers to several control frameworks, including the Cloud Controls Matrix, an industry-recognized cybersecurity control framework for cloud computing, that can be used to support the NIST Cybersecurity Framework.
Recommended AI News: Fortem Technologies Conducts Counter Drone Test For Department Of Defense Customer
“Ransomware attacks can be devastating for HDOs. Not only is there the potential loss of valuable and irreplaceable files, but it can take hundreds of hours of manpower to remove the infection and get systems working again. It’s critical that HDOs have a clear understanding of their business and technology so they can apply the appropriate security measures and mitigate their risk,” said John Yeoh, Global Vice President of Research, Cloud Security Alliance.
As the paper explains, traditional backup methods no longer suffice in the face of time-delayed ransomware attacks. Nor are public clouds impervious, and while they do offer greater protection, because cloud storage is increasingly being used to back up healthcare data, it too is a popular target for ransomware attacks. To protect patients’ data, HDOs must architect their cloud for failure, beginning with identifying an HDO’s assets, business environment, governance, risk management, and supply chain. To help users ensure they are following the proper steps, the document also includes a quick-response checklist from the Department of Health and Human Services, Office for Civil Rights.
The CSA Health Information Management Working Group aims to provide a direct influence on how health information service providers deliver secure cloud solutions (services, transport, applications, and storage) to their clients, and to foster cloud awareness within all aspects of healthcare and related industries. Individuals interested in becoming involved in Health Information Management future research and initiatives are invited to join the working group.
Recommended AI News: BrainBox AI Partners with KMC Controls to Further Expand its Autonomous AI Technology Footprint
Comments are closed.