(Threatcare) If one thing is for sure, the WannaCry ransomware revealed that many industries are not nearly as protected as they think they are. The WannaCry attack on the NHS has certainly left little doubt about that; the ransomware even caused a hospital to turn away ambulances and cancel surgeries. Now, after the recent Petya ransomware attack, it’s hard to believe that anyone could be safe.
Hospitals may be especially at risk, due to how high the stakes are. Security experts say that the healthcare industry, among others, really need to step up their cyber defense efforts if they want to maintain the trust of their clients and keep their confidential information where it belongs. The threat of cyber attacks will not be going away any time soon – and in fact, the danger only grows stronger as time trudges on. As an organization’s security methods grow outdated, hackers grow more sophisticated and capable. You can see where problems with security and data breaches can easily become overwhelming.
Josh Corman, a cybersecurity industry veteran now working on related issues at the Atlantic Council and a member of a healthcare security task force established by the U.S. Congress, estimates that 85 percent of US healthcare institutions do not have staff members that are competent in basic cybersecurity duties like separating networks, patching software or even monitoring for threat advisories.
Again, the case of the NHS being invaded by WannaCry and Petya rings a bell. And according to Threatcare founder and renowned cybersecurity expert, Marcus J. Carey, the severity of the NHS breach could have been easily avoided. “This is certainly a case where I believe networks should be air gapped and separated from the internet,” he commented. “It makes no sense that someone can receive a fake Nigerian Prince’s email, and it takes out a whole hospital. At minimum, these networks should be highly segmented,” Carey added.
Clearly, if hospitals and other industries took the time to learn their vulnerabilities and invest in cyber defense, the intensity of a cyber attack can at the very least be mitigated, if not avoided all together. As the saying goes, “An ounce of prevention is worth a pound of cure.”