Preparing healthcare organizations to respond to and rebound from a disruptive ransomware attack is akin to implementing a “12-step program,” said Dr. Eric Liederman, CEO of consultancy CyberSolutionsMD and recently retired long-serving director of medical informatics at Kaiser Permanente.
“The first step is to recognize that reliance on protection alone is insufficient. Protections will fail,” he said. “But once that recognition is achieved, it’s important in my experience to create a sense of urgency,” he said in an interview with Information Security Media Group. “In the worst-case scenario, you need to have it all planned: You need to decide who will do what in the event of a major hit.”
During a ransomware attack, he said, “the CISO will temporarily become the CEO of the organization. That person is going to be telling everybody else what to do and what not to do. They’ll be telling everybody, ‘Don’t turn on your computers. They’re all gone. This system’s okay. This one’s not. You can do this, not that.’ And the CEO is going to be sitting there asking them what they can do.”
In planning ahead for the day after a ransomware attack, clinical and other teams need to be aware that they could lose access to technologies that are deeply integrated into their work every day – from electronic health records to phone systems, and even fax machines as a backup for transmitting information, Liederman said.
“The general misconception I’ve seen is that the analog phones will work. But when you trace them back … they resolve to an IP too, even though they’re not on your VoIP system. So they’re probably not going to work either,” he said.
“And that means your fax machines won’t work. You can use your fax machines as copiers, and that’s all they’ll be able to do.”
In this interview with Information Security Media Group, Liederman also discussed:
- Other critical steps in preparing clinical and other healthcare workers for workarounds and response in a ransomware attack that could leave systems offline for days or weeks;
- An approach for bringing endpoint devices back online in a secure yet fast manner;
- Top considerations for healthcare CISOs in preparing their organizations for potential ransomware and other disruptive cyberattacks.
Liederman, an internal medicine physician, is founder and CEO of consulting firm CyberSolutionsMD LLC. He previously served as director of medical informatics for The Permanente Medical Group and national leader of privacy, security and IT Infrastructure for The Permanente Federation. In these and other roles at Kaiser Permanente during his nearly 20 years at the organization, Liederman was accountable for privacy and security, IT investment, large program governance and IT infrastructure delivery and resilience.