TRENDING:

Access Management , Endpoint Detection & Response (EDR) , Endpoint Security

Essential Steps for Battling Ransomware Attacks

Mitch Parker, CISO of Indiana University Health, Spells Out Critical Actions Marianne Kolbasuk McGee (HealthInfoSec) • August 11, 2021    
Mitch Parker, CISO of Indiana University Health

Healthcare organizations need to take several critical steps to help mitigate the risk of ransomware attacks, including implementing endpoint detection and response software and regularly testing the integrity of their backups, says Mitch Parker, CISO of Indiana University Health.

See Also: Enabling Government for Modernized IT

"Make sure you have good EDR software … and that you're able to correlate and examine the logs … to see if there's anything in there that looks unusual," he says in a video interview with Information Security Media Group.

Backup integrity checking and testing are also absolute musts, he says.

"You have to make sure you can actually restore your backups. ... You have to make sure the backups actually work. And that nice backup to the cloud [may be] convenient, but if you have 90 terabytes of data pulled out over a gig line, it's going to be a while before your system gets back online and you can actually do work."

Access Reviews

Entities also should regularly review who has access to networks and the level of privilege. "If there are accounts in there from a number of people who left one or two years ago - and that's not uncommon, sadly - you have to get rid of those accounts," he says.

It is also essential for entities to review the level of remote access they're permitting and the security of that access, says Parker, who is a speaker at the Healthcare Information and Management Systems Society 2021 conference in Las Vegas this week.

In this video interview, Parker also discusses:

  • Other top concerns about ransomware attacks;
  • The threat of spyware to personal mobile devices, such as smartphones, that are brought into healthcare environments;
  • His organization's top security priorities and projects for the months ahead.

Parker is the executive director of information security and compliance at Indiana University Health. His areas of interest include improving security governance, regulatory compliance and working with a large variety of customers to address their business needs and incorporate risk management into all aspects of the business process.

Previous
BlackMatter Group Debuts Linux-Targeting Ransomware
Next
10 Initial Access Broker Trends: Cybercrime Service Evolves

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



Around the Network

Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.