The U.S. Cybersecurity and Infrastructure Security Agency released guidance this week about how to protect sensitive data from ransomware attacks and how to prevent them from happening in the first place.
"Ransomware is a serious and increasing threat to all government and private sector organizations," read the guidance.
"This fact sheet provides information for all government and private sector organizations, including critical infrastructure organizations, on preventing and responding to ransomware-caused data breaches," it continued.
WHY IT MATTERS
Although much of the guidance will be familiar to those who have kept abreast of cybersecurity news, the CISA fact sheet reinforces the federal government's commitment to addressing ransomware threats.
It directed organizations to StopRansomware.Gov, launched this June as a centralized resource aimed at providing guidance and alerts.
When it comes to preventing attacks, the agency advises organizations to:
- Maintain offline, encrypted backups of data and regularly test them.
- Create, maintain and exercise a basic cyber incident response plan, resiliency plan and associated communications plan.
- Mitigate Internet-facing vulnerabilities and misconfigurations.
- Reduce the risk of phishing emails.
- Practice good cyber hygiene, including the use of multifactor authentication.
"Organizations storing sensitive or personal information of customers or employees are responsible for protecting it from access or exfiltration by malicious cyber actors," CISA wrote.
To do so, it recommends:
- Knowing what sensitive data is stored on systems and who has access to it.
- Implementing physical security best practices.
- Implementing cybersecurity best practices, including encrypting sensitive information at rest and in transit.
- Ensuring cyber incident response and communications plans include notification procedures for data breach incidents.
If an organization is victimized, CISA recommends securing network operations, taking a system image and memory capture of a sample of affected devices if no initial mitigation appears possible, and following notification requirements.
"CISA strongly discourages paying a ransom to criminal actors," said the agency. "Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities.
"Paying the ransom also does not guarantee that a victim’s files will be recovered," it added.
THE LARGER TREND
President Joe Biden's administration has made beefing up cybersecurity a clear priority.
This past month, Biden released a memo formally establishing the Industrial Control System Cybersecurity initiative and directing federal agencies to develop cybersecurity performance goals for infrastructure.
"Protection of our nation’s critical infrastructure is a responsibility of the government at the federal, state, local, tribal and territorial levels and of the owners and operators of that infrastructure," Biden wrote in the memo.
The president also requested billions of dollars in his June budget to protect the country's infrastructure from hackers, and his administration has said it could consider military action in its ransomware response.
ON THE RECORD
"All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems," said the CISA guidance.
"CISA encourages organizations to adopt a heightened state of awareness and implement the recommendations," it continued.
Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.
