Around 200,000 systems have been hit by the malware WannaCry, resulting in doctors being blocked from gaining access to patient files and forcing emergency rooms to send people away.Despite Microsoft sending out a patch for the vulnerability a few months ago, those unpatched Windows XP and Server 2003 systems were the culprit of the mass ransomware worm spread around the world. It only took one click of a link in an email to send mass hysteria through many organizations.\u201cHealthcare organizations are particularly vulnerable to these attacks because awareness about email authentication is still quite low in the sector as a whole. In order to protect the nation\u2019s healthcare infrastructure from future ransomware attacks, we encourage all security executives to ensure their organizations have proper email authentication at enforcement,\u201d said ValiMail CEO Alexander Garcia-Tobar. \u201cIt only takes a click from one person to endanger an entire enterprise.\u201dHe said hopefully this will be a wake-up call for organizations to redouble their efforts and at least "lock the front" door.Paul Zeiter, president of\u00a0Zerto, said last week\u2019s news demonstrated a fundamental flaw in IT security strategy for many enterprises that lack IT resilience to quickly neutralize these types of attacks and other business disruptions.\u201cThis sinister, criminal activity shows no mercy with victims ranging from cancer-related nonprofits, to vital societal services such as healthcare, global transportation infrastructure, and global banking systems. The leading practice to protect organizations from this technological\u00a0scourge\u00a0\u2013 though surprisingly vastly underutilized \u2013\u00a0is integrating disaster recovery capabilities that simply \u2018rewind\u2019 to the seconds just before ransomware encryption hits, thereby nullifying the threat,\u201d he said.Dante Orsini, senior vice president of business development at\u00a0iland, said with the recent large scale ransomware attack on the the National Health Service (NHS),\u00a0IT organizations should be reviewing their own policies and hoping they are protected, further reinforcing the need for organizations to have a comprehensive back up and disaster recovery processes.\u201cThe problem with malicious software\u00a0is there is no single magic bullet. Organizations need to fundamentally change how they tackle this threat and approach it from multiple angles,\u201d he said.It starts with user education and training then it is IT's job to deliver both preventative\u00a0measures and protection policies to create a resilient IT, he said.Last week is an example of how vulnerable some of our most important infrastructure is to attack.\u00a0\u201cThis is an unfortunate example of the very real and potentially devastating effects cybercrime can have on society, " said Ebba Blitz, CEO of Alertsec. "Make sure all the software on your system is up to date. This includes the operating system, the browser and all of the plug-ins that you would normally find in a browser.\u00a0In order to minimize the impact of ransomware attacks like this, IT departments should also be sure to install a scanning software that blocks or sandboxes suspected files.\u201dAccording to Rick Hanson,\u00a0executive vice president of Skyport Systems,\u00a0\u201cWe as an industry must share intelligence and start taking real action to segment our networks into trusted and un-trusted segments. Focus your security efforts on building secure enclaves around those applications and data that you care about most. Network-based security for the lowest common denominator is no longer a solution."Hanson added, "As the NHS is dealing with a disastrous attack, this is a wake-up call to other agencies that these threats are not only real, but entirely possible. We rely on compliance alone to give ourselves the feeling of being safe. This is a real-world example where a defensive in-depth strategy needs to be employed."Another week, another incidentDespite all the best practices and tips sent out by vendors, healthcare breaches continue to occur. Recently 7,000 patient records were compromised at the Bronx Lebanon Hospital Center in New York.Robert Lord, CEO, Protenus, said after a relatively quiet start to the year, there has been an uptick in the number of health data breach incidents and a drastic increase in the number of breached patient records this month, with almost 700,000 patients breached in a single incident.Protenus tracks healthcare breaches through its breach report. He said there is no way to predict when there will be a spike in the number of health data breach incidents.\u00a0Some recent events according to the U.S. Department of Health and Human Services:In March, Urology Austin, PLLC had 279,000 records breached during a hacking incident.In April, Harrisburg Gastroenterology Ltd had a breach where 93,000 records were compromised because of a hacking incident on its network server.In March, VisionQuest Eyecare in Indiana had 85,000 records stolen.Ponemon Institute estimates data breaches cost the healthcare industry $6.2 billion last year.Joe Ferrara, president and CEO of\u00a0Wombat Security, said when the healthcare industry is hit with a data breach or ransomware attack it presents a huge risk to the delivery of care and patient data. The healthcare industry faces distinct challenges in their environment. It\u2019s key for a training program to work in harmony with busy, irregular, unpredictable schedules. Training staff empowers them to be the first line of defense in cyber security. The best way to arm the healthcare industry is with the right training and tools that works with their schedule to avoid these kind of attacks in the future. \u00a0Varonis' Data Risk Report showed an average of 20 percent of folders per organization open to every employee. Additional key findings from the report include:236.5 million folders containing 2.8 billion files, comprising 3.79 petabytes of data were analyzed.Of that figure, 48,054,198 folders were open to \u201cglobal access groups,\u201d or groups that grant access to the entire organization.47 percent of organizations had at least 1,000 sensitive files open to every employee; 22 percent had 12,000 or more sensitive files exposed to every employee.71 pecent of all folders contained stale data, accounting for almost 2 petabytes of data.24.4 million folders had unique permissions, increasing complexity and making it more difficult to enforce a least privilege model and comply with regulations like General Data Protection Regulation (GDPR).When asked how hospital breaches have evolved over time, Brian NeSmith, co-founder and CEO of Arctic Wolf Networks, noted this transformation can be a life or death issue.\u00a0\u201cMedical devices, similar to many other IoT devices, were not designed with rigorous security in mind and are more vulnerable to being hacked. They also do not fall under normal security operations procedures since they are used as needed by the medical practitioners and not deployed and maintained by the IT department.\u201dHe predicted we will see more of these, and some with fatal consequences.\u00a0Hospitals are in a tough spot because the medical device vendors have not designed their equipment and devices to fit into industry standard security operations and processes, NeSmith said. Without this, the best they can do is to monitor everything in their environment and have a clear idea of what is and is not normal. Anything that does not look normal needs to be flagged and treated as a possible breach.\u201cPrevention and detection need to be part of a broader security strategy that covers regular reviews and a robust remediation plan. When something happens, the speed of recovery will depend on how good the plan in place is,\u201d he said.NeSmith said there is an increase in phishing based on two factors: the proliferation of social media and the increase in usable information as bait in phishing.Lord said healthcare organizations need a multi-layered approach when it comes to protecting their patient data.Basic network protection like encryption and firewalls should be in place to protect the perimeter of an organization and ward off careless or malicious data leakage.Employee training and education is also critical for protecting health data. Education also ensures the organization\u2019s employees are aware of appropriate vs. inappropriate access to medical records. It\u2019s important for employees to understand the ramifications for both the organization as well as the employee should a privacy violation occur. Healthcare organizations can often face penalties and fines when there has been a breach to patient privacy. If an employee is found responsible, they can face termination or even criminal charges depending on what the investigation concludes.Behavioral analytics, like proactive privacy monitoring, is a final layer to ensuring healthcare organizations are notified as soon as there is inappropriate activity occurring within the hospital\u2019s EHR. Subtle differences in behavior that are identified through a deep understanding of how workforce members normally act can be the reason you identify a case of compromised credentials. Insiders or accounts with compromised credentials act differently when they are attempting to do harm. The sooner it is identified, investigated, and resolved, the lower the impact of that breach.Breaches take several different forms, including malware and hacking. Device attacks do also occur, but Lord said the vast majority of these attacks are focused on gaining access to the data. \u201cIt seems that when trying to gain access to sensitive patient information, the most effective way in is by exploiting trusting human beings,\u201d he said.Insiders are among the biggest threats to sensitive patient data because bad actors often go unnoticed due to the fact that they have legitimate access to the electronic health records, he said. Healthcare organizations can begin to understand and oversee all employee behavior within the EHR with the use of artificial intelligence. Privacy and security teams can detect when something inappropriate is taking place and remediate the situation quickly - saving the healthcare organization and patients time and resources.According to Protenus\u2019 report, insiders were responsible for 44 percent of March\u2019s total breach incidents (17 incidents), affecting 179,381 patient records. Scenarios vary for why insiders choose to access patient records inappropriately, common causes include: family\/friend snooping; VIP\/celebrity snooping; criminal intent; and fraud.\u201cSelling patient records on the Dark Web is more common than we\u2019d all like it to be, and medical records are especially valuable - more than 10 times the value of financial information alone. This can create enough incentive for insiders to take patient information and sell it on the Dark Web,\u201d Lord said.Timing to report breach lagsOver the past few months, Protenus has reported that it has taken several months or years for a healthcare system to discover and report a health data breach to HHS.Lord said in some cases it took several years for healthcare organizations to find out that they have had a breach to patient data. \u201cThis is often the case because healthcare organizations spend only 10 percent of what other industries, like finance and retail, spend to secure their data. Privacy and security teams continue to be stretched thin and only the most obvious violations are detected through traditional methods,\u201d he said.\u201cFor healthcare organizations, it\u2019s just like seeing the tip of the iceberg, knowing that 95 percent is still hidden below the surface. The good news is that advances in machine learning and artificial intelligence allow proactive patient privacy to be implemented in organizations across the country. Using these different methods, leading institutions are seeing the time to detect and resolve these cases drastically decrease,\u201d he added.Health and Human Services\u2019 Office of Civil Rights (HHS OCR), which oversees this area of healthcare, requires healthcare organizations to report a health data breach of 500 records or more within 60 days of discovery.