How to mitigate the threat of ransomware

The threat of ransomware and the damaging impact it can have on healthcare organizations continue to dominate headlines. Last month, an investigation by British newspaper i revealed that 28 NHS trusts have fallen victim to ransomware attacks in the past 12 months alone.

It’s perhaps unsurprising then that ransomware is currently the highest priority for most of the healthcare organizations I have worked with over the last six months. In fact, according to the results of the Intel HLS Breach Security Program, NHS Trusts across the UK are prioritizing ransomware more than any other type of breach. Despite this, organizations’ readiness for such an attack still only averages around 55%. Whilst many have invested in baseline preventions such as backup and restore, email and web-gateway protection and anti-malware, take-up of basic capabilities such as Vulnerability Management & Patching, and of more advanced capabilities such as threat intelligence and business continuity & disaster recovery, is severely lacking. Vulnerability Management & Patching can ensure operating systems, security and healthcare applications are kept fully patched and up to date, so that they expose the minimum vulnerabilities and “attack surface” to breach and ransomware threats. Threat intelligence can help detect infections quickly, enabling fast quarantine and remediation. Secure hot standby systems, as part of business continuity and disaster recovery, can provide a fallback to keep critical processes operating while remediation is completed.

Whilst no organization is immune from suffering a breach, healthcare providers need to make sure they are not at the “back of the herd” and vulnerable to breaches and ransomware. With The Guardian reporting that 54% of UK businesses have experienced a ransomware attack in the past year, and healthcare workers being on the frontline of ransomware spear phishing attacks, greater education and an understanding of how to mitigate against these risks needs to be high on the agenda.

Organizations need to go beyond basic compliance and gain greater clarity on how their security measures up against their industry peers. The Intel HLS Breach Security Program evaluates 42 different security capabilities, which take into account a range of administrative, physical and technical safeguards that can help mitigate the risk of security breaches and ransomware. These insights can help organizations determine how far behind or ahead they are on a wide range of security capabilities and alert them to any areas which require closer attention, either individually or collectively.

Healthcare data is among the most attractive targets for hackers. Not only is it incredibly valuable and vulnerable to lucrative abuse in medical claims fraud, prescription fraud, financial fraud, extortion and many other ways, but breached healthcare data, and the most sensitive personally identifiable data it includes, can’t be cancelled easily in the way that credit card numbers, for example, can. Furthermore, healthcare breaches can often go undetected for months due to a lack of effective security breach detection capabilities in healthcare. As such, security breaches can have a potentially crippling impact on businesses. In the case of ransomware, access to healthcare data can be restricted, leading to ransom demands and/or fines. Crucially, breaches of this kind can prevent organizations from being able to deliver their core services and lead to extensive periods of downtime which, in some cases, can last up to 10 days.

By looking at their state of maturity against each of the capabilities evaluated as part of the Intel HLS Breach Security Program, NHS Trusts and HLS organizations can ensure limited resources and budget are distributed wisely. This will help them prepare for a wide range of attacks, and identify the extent to which they need to scale their current levels of protection to ensure they are not vulnerable relative to peers and the broader healthcare industry.

It’s important that organizations gain an understanding of the breadth of issues. Despite ransomware commanding a great deal of attention at the moment, threats such as cybercrime hacking, the loss or theft of mobile devices or media, and insider accidents or workarounds all represent major threats to a healthcare organization’s ability to deliver quality care to patients. Security and privacy should not be the sole responsibility of the Chief Information Security Officer, since any member of the healthcare organization could experience social engineering or spear phishing, or be the source of accidents or workarounds that could lead to breaches. The entire healthcare organization needs to embrace security and privacy of patient data as part of their responsibility. There is a wealth of safeguards organizations need to consider to mitigate against ransomware, as part of a holistic, multi-layered, and effective approach. Everyone has a part to play. Healthcare workers now have access to a far wider set of tools which enable them to perform their duties more effectively, but it’s critical that they understand how to use them in a way that minimizes risk and maximizes security, and ultimately improves the quality and cost of healthcare by avoiding breaches and ransomware.

If you are an HLS organization interested in learning more about receiving a complimentary and confidential breach security benchmark assessment, or an industry partner interested in exploring collaboration opportunities around this program, we invite you to contact us at You may also be interested to see an example breach security assessment benchmark report at

David Houlding, Director, Healthcare Security and Privacy at Intel spoke at the London Healthcare Privacy and Security Forum at the Soho Hotel on Thursday 13th October. The event was run in collaboration with NHS, Microsoft and Citrix.