Consider blocking network traffic to internet-facing systems from potentially adversarial countries with which your organization does not conduct business.
Routinely audit logs and traffic from remote access systems.
Do not ignore other attack vectors such as phishing and password compromise.
Develop incident response plans that include ransomware contingencies and recovery.
Include policies on patient diversion.
Include downtime and offline procedures for operating without an electronic medical record (EMR) and all other networked medical systems and devices.
Identify who to contact at law enforcement agencies.
Identify your primary vendor contacts for clinical and IT systems.
Maintain backup and recovery methods for all IT systems, and periodically test restoration from backups.
Consult legal counsel in the event of a data breach or ransom demand. Consider that payment of a ransom incentivizes future attacks, and that payment is not a guarantee that systems will be restored, either in part or in full.
The full report, released to ECRI members, includes high-profile ransomware incidents that recently impacted the healthcare industry. ECRI is one of the nation's largest patient safety organizations, and the only organization worldwide to conduct independent medical device evaluations.
SOURCE ECRI
Back to HCB News
