ClearDATA’s Statement on the Change Healthcare Ransomware Attack & Preventative Measures Moving Forward

In the wake of the recent ransomware attack on Change Healthcare, ClearDATA is compelled to address the cybersecurity landscape within the healthcare industry. The urgency to bolster our defenses against such malicious activities has reached a critical point. This incident underscores the necessity for comprehensive security measures to safeguard sensitive health information to ensure the continuity of healthcare services.

Understanding and Addressing Vulnerabilities

At the core of preventing ransomware attacks lies the imperative to stay vigilant against critical vulnerabilities. It’s essential to heed critical vulnerability alerts promptly. Cybercriminals exploit weaknesses faster than ever before, making it crucial for organizations to apply security patches and updates without delay.

Comprehensive Asset Inventory Reviews

A detailed and periodically updated asset inventory is the foundation of any robust cybersecurity strategy. Understanding which assets might harbor critical vulnerabilities enables targeted assessments and fortifications, reducing the attack surface that adversaries can exploit.

Regular Vulnerability Scans and Remediation

Routine vulnerability scans followed by timely remediation are paramount. These scans should be as frequent as possible to detect new vulnerabilities and changes in the network landscape. Coupled with a stringent remediation protocol, this approach significantly lowers the risk of exploitation.

Additional Protective Measures

Beyond these fundamental practices, ClearDATA advocates for several additional strategies to enhance cybersecurity posture:

  • Endpoint Detection and Response (EDR): Implementing advanced EDR solutions can help detect and isolate threats before they spread.
  • Multi-Factor Authentication (MFA): MFA adds an extra layer of security, making it harder for attackers to gain access even if they compromise credentials.
  • Employee Training and Awareness: Regular training on identifying phishing attempts and other social engineering tactics is vital. Human error often provides a breach point for cyberattacks.
  • Incident Response Planning: A well-drafted and regularly tested incident response plan ensures that an organization can swiftly and effectively mitigate the impact of a breach.
  • Rehearsed Resiliency Plans: A well-rehearsed plan to restore systems and services is paramount in making our health system resilient to attack.
  • Implementation of Least Privilege Access: Ensure that all access Identity and Access permissions are limited to must-have permissions to limit the ability for ransomware to move horizontally in an environment. Avoid permission sets such as “AdminstrativeAccess” and instead use specific Access Policies that align with defined requirements.

The ransomware attack on Change Healthcare is a stark reminder of the ever-present cyber threats facing the healthcare industry. It highlights the need for a comprehensive, layered approach to cybersecurity, incorporating foundational practices and advanced defensive technologies.

At ClearDATA, we remain committed to leading by example, continuously enhancing our cybersecurity measures to protect the sensitive data entrusted to us. Let this incident galvanize us into action, reinforcing our defenses and resolve to safeguard individuals’ health and well-being. We’re here to support you. If you need help, please call us at  (844) 265-9625 or visit us at www.cleardata.com.

Thank you for subscribing!