The 5 Ransomware Safeguards Every MSP Must Adopt for Healthcare Customers

When a trio of federal agencies, including the FBI, issued a warning in October about an impending wave of ransomware attacks on healthcare providers, the response was a combination of alarm and “what else is new?” Ransomware geared toward hospitals isn’t exactly a novel threat; there are hundreds of healthcare facilities across the United States, United Kingdom and Europe who can testify to their own damaging encounters with ransomware gangs just this year.

When a worldwide pandemic is no deterrence for ransomware aimed at healthcare providers, you know that this particular cyber threat is here to stay. This is all the more reason why managed service providers (MSPs) supporting healthcare customers need to make ransomware protection a top priority ASAP. Protecting these organizations’ security environments isn’t just about good customer service; for patients, it’s literally a matter of life and death. When doctors and nurses can’t access medical records or attend to proper patient care because their hospital’s information systems have been seized by ransomware, that’s a problem too severe to let happen in the first place.

There may be no 100% foolproof defense against ransomware, but MSPs aren’t helpless in the fight, either. Here are five actionable and impactful safeguards every MSP can and must take to support their healthcare customers facing an oncoming wave of ransomware attacks.

1. Awareness and education. IT security is the responsibility of everyone in the organization, not just the security team or the MSP partner. Anyone with a hospital email account should know how to create a strong password with two-factor authentication. Further, it’s important for everyone to know what a phishing email looks like, especially as such emails are a huge vehicle for ransomware delivery. MSPs need to enable their customers to share this knowledge across the entire organization.
2. Bringing IT hygiene up to date. Many hospitals already have a security team, but most are heavily under resourced. MSPs should help these teams adopt and implement simple best practices that go a long way. Implementing the latest security patches, multifactor authentication and processes for regular off-site regular backups of sensitive records are all essentials.
3. Deploying EDR. Protecting against a ransomware attack means disrupting the attack chain from end to end. MSPs can help their healthcare customers do exactly this by deploying endpoint detection and response (EDR) across a health system’s network. EDR ensures every endpoint is fortified with up-to-date safeguards, providing threat response teams with the context they need to actively track down adversaries, identify threats and respond accordingly.
4. Human intervention. Technology plays a big part in thwarting ransomware attacks, but it must be complemented with human expertise. MSPs can arm their healthcare customers with an elite, human-led threat hunting response team able to recognize patterns, apply context to potential threats and get to the root cause of a recurring problem–enabling a combination of both offense and defense.
5. Rapid incident response. Unfortunately, it is inevitable that some healthcare systems will still be hit by a ransomware attack. If and when this happens to their customers, MSPs need to make sure that they can jump in immediately with lightning-fast incident response. Sophos Rapid Response provides a first-of-its-kind service designed to get healthcare organizations out of the danger zone and fast.

It’s also important to remember that MSP healthcare customers aren’t the only ones being targeted with ransomware. At Sophos, we’re continuing to see MSPs themselves being attacked. For both MSPs and their customers, it’s critical to be prepared and agile when it comes to tackling today’s ransomware landscape.

This guest blog is part of a Channel Futures sponsorship.