How Network Segregation, Segmentation Can Stop Ransomware Attacks
These intrusions, which may cause everything from EHR downtime to compromised patient data, can have a substantial impact on the operations of healthcare companies of all sizes.
Countermeasures, such as network segregation and network segmentation, can help to reduce the dangers posed by these prevalent attacks by separating and segmenting networks.
This is the process of separating mission-critical networks from the Internet and other internal, less sensitive networks.
It is possible to achieve network segmentation, which is the process of dividing a larger network into smaller network segments, using firewalls, virtual local area networks, and other separation mechanisms.
It is possible to avoid ransomware assaults, which encrypt data on the network, block access to those files, and then direct the victim to a webpage with instructions on how to pay a ransom in bitcoin to unlock the files, utilizing either of these tactics.
Is it possible for healthcare institutions to create and use network segmenting or segregation strategies to safeguard their infrastructure against ransomware?
*Some of the text in this article has been revised to make it more understandable.
Network segregation is the most effective method of preventing ransomware attacks.
Defending Yourself Against Ransomware in the Healthcare Industry
RANSOMWARE RISKS AND IMPACTS ON THE ENVIRONMENT
Healthcare businesses have been grappling with some of the most severe ransomware assaults to have occurred in recent history.
In 2017, WannaCry brought down the National Health Service of the United Kingdom and targeted medical devices, resulting in major problems for healthcare institutions around the world.
The next year, SamSam targeted healthcare and government organizations, infecting several hospitals and forcing the Department of Health and Human Services to issue a warning about the dangers of the ransomware strain in question. Ryuk ransomware first appeared in the wild in mid-2018, causing the Department of Health and Human Services to issue an advisory. Ryuk is continually evolving, and it has lately added new malware weapons to its arsenal of malicious software.
In fact, according to Kaspersky Lab’s Cyber Pulse report, 27 percent of healthcare employees reported that their organization had been targeted by ransomware in 2018.
Ransomware has the potential to cause significant damage to healthcare organizations. It can result in downtime for mission-critical systems as well as the inability to access patient records, both of which can put patients’ lives in jeopardy. It can also result in the theft of protected health information (PHI), damage to the organization’s reputation, and the possibility of fines and lawsuits.
For example, a ransomware attack against Hollywood Presbyterian Medical Center in 2016 caused significant disruption to operations in the emergency room, forcing doctors and nurses to communicate and record patient information on paper charts using fax machines.
As a result of a ransomware assault in 2018, Cass Regional Medical Center in Harrisonville, Missouri, was forced to send trauma and stroke patients to other hospitals and shut down its electronic health record system (EHR).
According to a survey conducted by the security firm Sophos of 2,700 IT managers, the median overall cost of a ransomware attack was $133,000. Five percent of those who responded indicated the attack cost them between $1.3 million and $6.6 million as a result of the incident.
A further disadvantage of ransomware attacks is that they are tough to protect against. To deceive employees into clicking on links in emails or visiting malicious websites, attackers deploy social engineering techniques such as spearphishing.
To deceive victims into downloading the ransomware, spear-phishing targets a specific individual or department inside an organization and uses information about the firm obtained from social media and/or a previous breach of the company to trick victims into downloading the ransomware.
Once the ransomware has infected a single machine, it can propagate swiftly throughout the network by self-replicating. To propagate from one computer to many others, ransomware searches for file shares or systems on which it has access privileges and exploits these to spread to other machines.
The use of network segregation and segmentation is one of the most effective approaches for healthcare organizations to address the ransomware threat, and it is becoming increasingly popular.
The Threats of Legacy Solutions to Health Information Technology Infrastructure Systems
The Department of Health and Human Services warns that health information technology infrastructure could put patient data at risk. Thinkstock is the source of this image.
ESTABLISHING AN AIR-GAPPED NETWORK SYSTEM
Essentially, network segregation is the isolation of important networks from other networks, such as the Internet, that are less sensitive.
We urge that when there is a possible risk to human life or physical injury to individuals when a system goes down, those assets be moved to their network,” says the author. A ransomware incident targeting those systems is significantly less likely, according to Kaspersky Lab Senior Security Researcher Brian Bartholomew, who spoke with HITInfrastructure.com about the threat.
Air-gapping, which is the entire disconnection of a network from the internet and unprotected internal networks, is an effective method of preventing ransomware, but it is also a costly method. Using the example of air-gapping, Bartholomew emphasized that firms wishing to do so would be required to duplicate everything on a separate network: hardware, switches, routers, etc.
According to him, “the whole idea is that there’s no physical wire connecting the two networks, so you have to design another network to house those critical systems.”
He went on to say that network segmentation could cause usability concerns within the firm. Although users would become accustomed to it, using several systems that are not connected at the outset will be a hassle. The first few days might be a little stressful,” Bartholomew speculated.
Beyond patching and traditional tools, there are other ways to improve medical device security.
Network administration is included in the Top 10 Cybersecurity Best Practices list.
PARTICULARIZING THE NETWORK INTO SECTIONS
In addition to network segmentation, which includes dividing a larger network into smaller network pieces, there is another network-based solution to ransomware: network isolation. Firewalls, virtual local area networks (VLANs), and other network isolation mechanisms can be used to accomplish this.
In addition to segmenting networks by purpose, such as separating finance from human resources, networks can also be divided by data type, such as separating protected health information (PHI) from non-regulated data.
A network’s segmentation establishes the framework for safeguards that prevent lateral movement on the network by ransomware or hackers, as well as the propagation of infection or compromise throughout the network.
The majority of firms have a strong perimeter on the outside and a relatively low level of internal control on the inside. The concept of segmentation is that finance does not always need to communicate with operations. To be successful, marketing does not necessarily need to communicate with or have access to engineering resources,” noted BlackRidge CTO John Hayes.
Not only do you have information technology systems in a hospital, but you also have medical devices that are connected to the networks and perform a variety of duties, whether it’s a CAT scanner, an X-ray machine, or blood pressure and heart rate monitor. According to Hayes, of HITInfrastructure.com, “all of these things are networked.”
Network segmentation is the process of defining internal boundaries within a network. Because of the way ransomware operates, this is very crucial to remember. Hayes explained that once ransomware has gained a foothold in a company, it “then goes around actively scanning and leapfrogging its way into other things.”
“Blocking communications is one way to prevent ransomware from spreading. If I have an internal network that is entirely open, it has the potential to spread anyplace. However, network segmentation prevents it from spreading. You’re effectively restricting it and limiting its spread to the little enclave that is infected,” says the expert.
Chris Convey, vice president of information technology risk management and chief information security officer at Sharp Healthcare in San Diego, is a beneficiary of the network segmentation implementation currently underway at Sharp’s facilities because of the security benefits it can give. Sharp is the owner and operator of four acute-care hospitals, three specialty hospitals, three linked medical groups, and a health-care delivery system.
To protect against self-propagating viruses and malware, such as ransomware, network segmentation should be implemented. Convey explained that if you logically partition your network and end-user double clicks on a broken link, the harm will be restricted to that network segment and will not cross-contaminate other portions of the network.”
“If you can more closely partition your network, at the very least you will be able to control the blast radius of the ransomware,” says the author. What’s challenging is that you don’t want to partition your system so tightly that it becomes a maintenance nightmare. As a result, “it’s a delicate balance between how tightly you want to segment” he explained.
Software-defined policy management allows an organization to “implement policies and push them out across network devices without having to access them individually,” according to the author.
According to the authors, this significantly minimizes the amount of overhead involved with network segmentation and access control list management.
Convey advised that if a company has outdated network equipment, it should check to see if the gear is compatible with the company’s network segmentation solution plan before implementing it.
“We’re upgrading equipment to make it compatible with this type of segmentation technique so that we can then use it, but it’s a lengthy process.” The project is time-consuming and will most certainly necessitate network disruption,” he stated.
“One of the most significant challenges is the administrative burden associated with maintaining these types of segmentation tactics while also balancing how tightly you lock them down. If you are not able to properly manage them, users will be unable to access something, and a system will not work or function properly,” he explained.
Healthcare Organizations and Device Manufacturers Engage in a Debate Vulnerabilities in the Cybersecurity Environment
Best Practices for Securing IoT and Connected Devices in Healthcare
INTRODUCTION TO THE TEN-STEP PLAN FOR NETWORK SEGMENTATION
While installing network segmentation might be useful in terms of security, it can also be a time-consuming and complex procedure. Depending on the situation, organizations may need to upgrade gear and software as well as recruit more IT personnel and retrain users.
Organizations should follow a 10-component structure, according to KPMG’s CIO advisory practice, in order to successfully deploy network segmentation:
Create a plan of action that outlines the objectives and categorizes them according to their importance.
2) Create a network design that identifies the number of segments as well as the number and kind of control points that connect the segments.
3) Establish an information technology asset management program that specifies the needs for segmentation and network permission levels based on the user, device, and location of the asset.
Fourth, use network access control systems such as firewalls and intrusion prevention systems as part of the network segmentation installation process.
Five) Take advantage of cutting-edge user analytics to create a baseline profile for each user — including information about their identity and device usage as well as information about where and how users authenticate — and then monitor user behavior based on that profile.
6) Make use of network policy management tools to evaluate network traffic and compare it to the rules that govern the network.
Incorporate data center micro-segmentation by separating data centers into zones that are even more compact than the network segments.
8) Establish a data classification program that establishes micro-segments and multiple levels of data center authorization based on the user, the device, and the location of the data storage facility.
To keep the network segmentation project on track, it is necessary to establish a separate program management office as well as an architecture management office.
Tenth, establish an organizational change management department to ensure that end users are informed and engaged, as well as to build strategies, plans, and tactics that will garner stakeholder acceptance.
Businesses should take further precautions to mitigate the threats posed by ransomware, in addition to segmenting and segregating their network infrastructures.
Organizations should make regular backups of their networks and data to ensure that they can recover quickly if a ransomware assault is successful.
‘If you don’t have good backups, then you’re either going to have to rebuild everything from scratch or you’re going to suffer a tremendous genuine loss of data,’ says Hayes.
Additionally, personnel should be educated on how to identify spearphishing emails and ransomware assaults, among other things. According to Bartholomew, “If your users are aware of what ransomware does, what it looks like, and how it works, you can train them to spot ransomware ahead of time and limit the risk.”
Organizations must ensure that they do regular vulnerability patching, deploy antivirus software, and adhere to best practices in cybersecurity hygiene to avoid falling victim to cyberattacks. In addition to patching and vulnerability management, Convey underlined the importance of training your employees, employing good email filters to prevent some of the nasty material from getting in, and maintaining up-to-date antivirus software.
Even though ransomware will continue to constitute a danger to healthcare companies for the foreseeable future, there are steps that businesses can take to prevent ransomware from infecting their systems and to mitigate the damage if an assault does succeed initially.
Network segregation and segmentation are two solutions that healthcare organizations should consider using to reduce the dangers associated with ransomware infections. Even though they are difficult and expensive, they will safeguard enterprises from the expenses, system and reputation damage, and patient risk that will result from a successful ransomware assault.