ECRI's recently published a report detailing their includes recommendations for healthcare leaders to address ransomware attacks on remote access systems.
Some of the recommendations are:
Ensure that Internet-facing systems (e.g., remote access systems, VPNs) are configured securely and that security updates are applied.
Consider blocking network traffic to internet-facing systems from potentially adversarial countries with which your organization does not conduct business.
Routinely audit logs and traffic from remote access systems.
Do not ignore other attack vectors such as phishing and password compromise.
Develop incident response plans that include ransomware contingencies and recovery.
Maintain backup and recovery methods for all IT systems, and periodically test restoration from backups.
Consult legal counsel in the event of a data breach or ransom demand. Consider that payment of a ransom incentivizes future attacks, and that payment is not a guarantee that systems will be restored, either in part or in full.
