ECRI's recently published a report detailing their includes recommendations for healthcare leaders to address ransomware attacks on remote access systems.
Some of the recommendations are:
- Ensure that Internet-facing systems (e.g., remote access systems, VPNs) are configured securely and that security updates are applied.
- Consider blocking network traffic to internet-facing systems from potentially adversarial countries with which your organization does not conduct business.
- Routinely audit logs and traffic from remote access systems.
- Do not ignore other attack vectors such as phishing and password compromise.
- Develop incident response plans that include ransomware contingencies and recovery.
- Maintain backup and recovery methods for all IT systems, and periodically test restoration from backups.
- Consult legal counsel in the event of a data breach or ransom demand. Consider that payment of a ransom incentivizes future attacks, and that payment is not a guarantee that systems will be restored, either in part or in full.
