After more than two years dealing with the menace of being held hostage by ransomware, cryptominers are the last thing healthcare IT and security departments want to hear about. But the evolution of cyberthreats continues, with an April 2018 publication from HIMSS citing a recent report that the Q1 increase in cryptominer attacks came at the same time that ransomware attacks were slightly decreasing.
It’s never a good thing to hear that cybercriminals are getting innovative, but that’s what’s happening. A cryptominer gets into a system via an infected website or phishing email, then embeds itself on the user’s computer and uses its processing power to “mine” cryptocurrencies for profit.
Let’s be clear: you do not need to be a direct cryptocurrency user to be at risk. Anyone can visit a seemingly innocuous site or use public Wi-Fi and get cryptojacked. Be alert. If you – and your employees – know your assets and how they’re supposed to perform, you could head off a cryptominer attack early.
Not that you need another reason for enterprise-wide cyberawareness, but the cryptominer threat also drives home the crucial need for audit controls like asset tracking and patch monitoring. As HIMSS Director of Privacy & Security Lee Kim recommends, besides thinking like an attacker and defender, healthcare organization IT departments need to “Know where your assets are and how they are secured.” You’ll also want to answer:
How often do you conduct cyberawareness training and testing?
How do you track your technology assets? Your updates?
How often – and how quickly – do you implement vital software security updates?
How do you audit your cybersecurity action plan? How often?
How quickly do you mitigate risks uncovered by your security risk analysis?
Respond honestly to those questions and you may expose unwelcome gaps. Then take steps to remediate the gaps that can not only expose sensitive healthcare data, but also make it easy for cryptominers to infiltrate your healthcare organization.
Going digital has been a boon to healthcare, but that comes with ever-increasing security risks. To implement and manage your healthcare cybersecurity program, you’ll need to know how you’re going to manage those risks. In MyVCM, you can set up audit workflows to ensure that your systems and assets get patched on a timely basis, deploy your employee cyberawareness training, and ensure that every employee understands the role they play when handling sensitive data.
With every new cyberthreat, we’re reminded that to meet the challenge of healthcare cybersecurity, our journey is ongoing.
Not sure where to start?
The NIST Guide can help. We can also provide you with a free copy of Ostendio’s password policy, as an example. Just contact us at firstname.lastname@example.org.