Over the weekend, Universal Health Services (UHS), which operates over 400 healthcare facilities, was struck by one of the largest ransomware attacks in U.S. history, which left multiple facilities without access to computer and phone systems.
A data breach can bring a healthcare organization to its knees from a financial perspective. According to the University of North Dakota, the healthcare industry lost $25 billion to data breaches in 2019. However, since healthcare facilities are part of society’s critical infrastructure, financial ruin isn’t the only potential outcome of a cyberattack. In addition to threatening a facility’s finances, a ransomware attack can threaten patients’ lives by taking down critical patient records systems and smart medical equipment.
Cybersecurity experts have been warning about this scenario for years, and unfortunately, it’s no longer hypothetical. Wired reports that a patient in Germany died after a ransomware attack shut down systems at Duesseldorf University Hospital, delaying her treatment by about an hour as she was transported to a facility located 20 miles away.
Ransomware Attacks Accelerate Post COVID-19
Many healthcare organizations simply don’t know how to prevent ransomware attacks, but there are steps they can take to harden their cyber defenses, especially password security. Weak or stolen passwords are responsible for over 80% of data breaches, and most ransomware attacks happen after successful brute-force cyberattacks. In these attacks, cybercriminals take lists of weak or previously compromised passwords, then attempt to use them to access healthcare systems. Once inside, they can steal data, plant ransomware, or both.
Hardening password security is simple and inexpensive:
- Require that employees use strong, unique passwords for all accounts.
- Require that employees use multi-factor authentication (2FA) on all accounts that support it.
- Require that employees use a password manager.
- Subscribe to a Dark Web monitoring service. These services scan Dark Web forums and notify organizations in real time if any of their employee passwords have been compromised, allowing IT administrators to force password resets right away.
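The password-list guessing described above leaves a recognizable trace in authentication logs: a burst of failed logins from one source, sometimes followed by a success. The Python below is an added example, not from the original article or from Keeper, that flags both the guessing source and any account that should get a forced password reset. The log format, the 5-minute window, the threshold of 5 failures and the function name are assumptions, the sample lines are constructed, and lines are assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: ISO timestamp, FAIL or OK, user=<name>, src=<ip>
LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")
WINDOW = timedelta(minutes=5)   # assumed look-back window
THRESHOLD = 5                   # assumed failures per source within the window

# Constructed sample data (documentation IP ranges, made-up usernames).
SAMPLE_LOG = """\
2020-09-27T02:14:01 FAIL user=jsmith src=203.0.113.7
2020-09-27T02:14:03 FAIL user=mlee src=203.0.113.7
2020-09-27T02:14:05 FAIL user=rpatel src=203.0.113.7
2020-09-27T02:14:08 FAIL user=admin src=203.0.113.7
2020-09-27T02:14:11 FAIL user=kwong src=203.0.113.7
2020-09-27T02:14:15 OK user=nurse01 src=203.0.113.7
2020-09-27T08:01:12 FAIL user=jsmith src=198.51.100.20
2020-09-27T08:01:30 OK user=jsmith src=198.51.100.20
"""

def find_password_guessing(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (guessing_sources, accounts_to_reset) as two sets."""
    recent = defaultdict(deque)  # src -> timestamps of failures inside the window
    flagged = {}                 # src -> last time the threshold was reached
    to_reset = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts = datetime.fromisoformat(m.group(1))
        result, user, src = m.group(2), m.group(3), m.group(4)
        failures = recent[src]
        while failures and ts - failures[0] > window:
            failures.popleft()   # drop failures that aged out of the window
        if result == "FAIL":
            failures.append(ts)
            if len(failures) >= threshold:
                flagged[src] = ts
        elif src in flagged and ts - flagged[src] <= window:
            # Success right after a failure burst from the same source:
            # treat the account as compromised and force a reset.
            to_reset.add(user)
    return set(flagged), to_reset

if __name__ == "__main__":
    sources, accounts = find_password_guessing(SAMPLE_LOG)
    print("guessing sources:", sources, "accounts to reset:", accounts)
```

A single mistyped password followed by a successful login, as in the last two sample lines, is not flagged.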
Keeper Helps Healthcare Facilities Prevent Ransomware Attacks
Keeper’s zero-knowledge password management and security platform gives IT administrators complete visibility into employee password practices, enabling them to monitor password use and enforce password security policies across the entire organization, including strong, unique passwords, 2FA, role-based access control (RBAC), and other security policies. Fine-grained access controls allow administrators to set employee permissions based on their roles and responsibilities, as well as set up shared folders for individual departments, project teams, or any other group.
For enhanced protection, organizations can add Keeper BreachWatch™, which scans Dark Web forums and notifies organizations in real time if any of their employee passwords have been put up for sale. BreachWatch seamlessly integrates with the Keeper password management platform, enabling IT administrators to force password resets right away.
Keeper takes only minutes to deploy, requires minimal ongoing management, and scales to meet the needs of any size organization.