Summary
Ransomware attacks against healthcare providers are increasing and put patient safety at risk. Ransomware attacks can severely affect a healthcare provider's ability to provide care to patients (e.g., diversion of emergency vehicles, cancellation of appointments) delay or prevent a facility's ability
Content
ECRI Recommendations:
1. Ensure that protections against phishing campaigns are in place by following best practices, including:
- Maintaining up-to-date spam and malware filtering on e-mail systems
- Routine phishing awareness education for employees
2. Ensure that Internet-facing systems are configured securely and that security updates are applied, including:
- Remote access systems and VPNs
- Electronic medical records (EMRs), other data management systems, and patient portals
3. Implement multi-factor authentication for Internet-facing services:
- Employee Remote Access
- Virtual Private Networks
4. Ensure that antimalware/antivirus software is current and definitions are up to date on all IT systems.
5. Maintain offline backup and recovery methods for all IT systems.
6. Develop incident response plans that include ransomware contingencies and recovery.
- Include policies on patient diversion.
- Include downtime and offline procedures for operating without an EMR and possibly other networked medical devices.
- Know and understand who to contact at law enforcement agencies.
- Ensure that your Cyber Insurance policy has provisions for ransomware.
- Know your primary vendor contacts.