Chris Akenson is our CISO at large and is responsible for ensuring STN exceeds security best practices as prescribed by the NIST CSF. Here are his notes about ransomware:
With the current ransomware attacks on the nation’s healthcare providers, security is more important now than ever. Our nation’s healthcare providers are at an increased risk for attacks and fraud. You can help reduce the likelihood of an attack and prepare for one.
1. Notify your users – Alert and train users not to click links and attachments from untrusted sources. Implement security awareness training and practices.
2. Secure your backups – Verify backups are secure from attack and are easily retrievable and tested.
3. Patch your systems – Update all systems and anti-virus definitions, and use vulnerability scanning to help locate weakened areas or missing patches.
4. Have a Plan – Perform an Incident Response Ransomware tabletop exercise to evaluate the effectiveness of the Incident Response Plan to contain and eradicate malicious software.
5. Stop the bleeding – Apply outbound next-generation Intrusion Prevention System (IPS) inspection to block all command and control and data exfiltration attempts, and apply multi-factor authentication on all remote access connections.
With over 24 years of experience in various security-related roles, Chris Akenson, CISSP, brings a deep background in security implementation, analysis, and practices. Chris has extensive experience in building and maintaining security standards, programs, and assessment practices. Chris has a breadth of knowledge across many compliance and regulatory industries, including Healthcare, Financials, and Utilities.