Healthcare organizations increasingly dealing with advanced threats
2016 has seen a spike in reported ransomware attacks in the healthcare industry. Because these attacks prevent access to patient record systems, their impact extends beyond business operations; they represent a threat to the delivery of care.
In February, Hollywood Presbyterian Medical Center announced that it had paid a $17,000 ransom to restore files encrypted by a ransomware attack. The good news is that HPMC was able to restore the data and return to normal operations relatively quickly. The bad news is that it could happen again without a comprehensive plan in place.
Just a month later, Methodist Hospital in Kentucky was crippled by a Locky crypto-ransomware attack that sent the hospital into an “Internal State of Emergency.” The Locky malware entered the network through a spam email attachment and spread across the network, infecting multiple systems. While the 4-bitcoin ransom (about $1,600) was modest, the damage done by five days of interrupted hospital operations was not. In the end, Methodist Hospital did not pay the ransom, and was able to recover by activating its backup system.
To fight – or more importantly prevent – such attacks, Cisco offers a range of security solutions including its subscription-based Advanced Malware Protection (AMP) suite that protects your endpoints, your network, and your email and web traffic. Managed through a web-based management console, AMP can be deployed on a variety of platforms to safeguard your data and your systems proactively.
AMP is fueled by the best global threat intelligence to protect against known and emerging threats. The Cisco Talos group analyzes millions of malware samples and terabytes of data per day and pushes that intelligence to AMP. AMP then correlates files, telemetry data, and file behavior against this context-rich knowledge base to proactively defend against threats.
Advanced AMP sandboxing capabilities perform automated static and dynamic analysis of files against 500+ behavioral indicators. This uncovers stealthy threats and helps your security team understand, prioritize, and block sophisticated attacks.
To block malware trying to enter the network, AMP uses one-to-one signature matching, machine learning, and fuzzy fingerprinting to analyze files at the point of entry and catch known and unknown malware. These tools provide faster time to detection and automatic protection for your organization.
Even after a file enters your network, AMP continues to watch, analyze, and record its activity, regardless of the file’s disposition. If malicious behavior is spotted later, AMP sends your security team a retrospective alert that contains the complete recorded history of the threat: where the malware came from, where it’s been, and what it’s doing. Then, AMP gives you the control to contain and remediate it with a few clicks.
For more information about the advanced malware protection Cisco provides, or to speak with a Zones security specialist, contact your Zones account executive or call 800.408.ZONES.