5 Ways Healthcare Systems Can Weather the Ransomware Storm


As if navigating a second wave of COVID-19 wasn’t enough of a headache for the healthcare industry, last month, three top federal agencies – the FBI, Department of Health and Human Services, and Cybersecurity and Infrastructure Security Agency – issued a warning of an onslaught of ransomware attempts being launched against the U.S. healthcare system and designed to lock up hospital information systems.

Unfortunately, cyberattacks - specifically ransomware - are not a new phenomenon for the healthcare industry. It was just five years ago that an infamous ransomware attack took down computers at the Hollywood Presbyterian Medical Center. This year’s hospital ransomware episodes across the US, UK, and Germany have been a stark reminder that healthcare cyberattacks are here to stay.

In a time when nothing is for certain, one thing we can count on is that attackers are going to continue to evolve their ransomware tactics, and as such will continue to target the healthcare industry due to its wealth of valuable confidential information. For managed service providers (MSPs) servicing the healthcare industry, this means implementing a combination of prevention and rapid incident response measures in their customers’ environments is more important than ever.

Let’s have a look at five of the top ransomware safeguards every MSP can take to support its healthcare customers when they need it most:

1. Awareness and education. IT security is the responsibility of everyone in the organization, not just the security team or the MSP partner. Anyone with a hospital email account should know how to create a strong password and use two-factor authentication. Further, it’s important for everyone to know what a phishing email looks like, especially as phishing emails are a huge vehicle for ransomware delivery. MSPs need to enable their customers to share this knowledge across the entire organization.

2. Bringing IT hygiene up to date. Many hospitals already have a security team, but most are heavily under-resourced. MSPs should help these teams adopt and implement simple best practices that go a long way. Implementing the latest security patches, multifactor authentication, and processes for regular off-site backups of sensitive records are all essentials.

3. Deploying EDR. Protecting against a ransomware attack means disrupting the attack chain from end to end. MSPs can help their healthcare customers do exactly this by deploying endpoint detection and response (EDR) across a health system’s network. EDR ensures every endpoint is fortified with up-to-date safeguards, providing threat response teams with the context they need to actively track down adversaries, identify threats, and respond accordingly.

4. Human intervention. Technology plays a big part in thwarting ransomware attacks, but it must be complemented with human expertise. MSPs can arm their healthcare customers with an elite, human-led threat hunting response team able to recognize patterns, apply context to potential threats, and get to the root cause of a recurring problem – enabling a combination of both offense and defense.

5. Rapid incident response. Unfortunately, it is inevitable that some healthcare systems will still be hit by a ransomware attack. If and when this happens to their customers, MSPs need to make sure that they can jump in immediately with lightning-fast incident response. Sophos Rapid Response provides a first-of-its-kind service designed to get healthcare organizations out of the danger zone and fast.

It’s also important to remember that MSP healthcare customers aren’t the only ones being targeted with ransomware. At Sophos, we’re continuing to see MSPs themselves being attacked. For both MSPs and their customers, it’s critical to be prepared and agile when it comes to tackling today’s ransomware landscape.

Guest blog courtesy of at Sophos. Read more Sophos blogs here.