Improve Ransomware Resilience for Healthcare
Prevent incursions and defend against ransomware attacks.
RETIRED CONTENT
Please note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.Ransomware is a high-profile threat that demands immediate attention:
- Organizations large and small hit by ransomware make the news every week.
- Executives want reassurance – but aren’t ready to write a blank check. Improvements must be targeted and justified.
- No one is bulletproof, so the ability to recover from (not just prevent) a ransomware attack is critical. Yet backup and disaster recovery capabilities are often lacking.
Take specific actions to improve your ability to prevent and respond to a ransomware attack:
- Execute a systematic assessment of your current security and disaster recovery (DR) practices to identify gaps and quick wins.
- Quantify ransomware risk to prioritize investments and drive security awareness.
- Run tabletop planning exercises to plan for ransomware attacks, build a more effective incident response plan, and further identify projects to help close gaps.
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Module 1: Assess Ransomware Resilience
The Purpose
- Set workshop goals, review ransomware trends and risk scenarios, and assess the organization’s resilience to ransomware attacks.
Key Benefits Achieved
- Develop a solid understanding of the likelihood and impact of a ransomware attack on your organization
- Complete a current state assessment of key security controls in a ransomware context.
| Activities: | Outputs: | |
|---|---|---|
| 1.1 | Review incidents, challenges, and project drivers. |
|
| 1.2 | Diagram critical systems and dependencies and build risk scenario. |
|
| 1.3 | Assess ransomware resilience. |
|
Module 2: Protect and Detect
The Purpose
- Improve your capacity to protect your organization from ransomware and detect attacks along common vectors.
Key Benefits Achieved
- Identify targeted countermeasures that improve protection and detection capabilities.
| Activities: | Outputs: | |
|---|---|---|
| 2.1 | Assess ransomware threat preparedness. |
|
| 2.2 | Determine the impact of ransomware techniques on your environment. |
|
| 2.3 | Identify countermeasures to improve protection and detection capabilities. |
|
Module 3: Respond and Recover
The Purpose
- Improve your organization’s capacity to respond to ransomware attacks and recover effectively.
Key Benefits Achieved
- Build response and recovery capabilities that reduce the potential business disruption of successful ransomware attacks.
| Activities: | Outputs: | |
|---|---|---|
| 3.1 | Review the workflow and runbook templates. |
|
| 3.2 | Update/define your threat escalation protocol. |
|
| 3.3 | Define scenarios for a range of incidents. |
|
| 3.4 | Run a tabletop planning exercise with IT. |
|
| 3.5 | Update your ransomware response runbook. |
|
Module 4: Improve Ransomware Resilience
The Purpose
- Identify prioritized initiatives to improve ransomware resilience.
Key Benefits Achieved
- Identify the role of leadership in ransomware response and recovery.
- Communicate workshop outcomes and recommend initiatives to improve ransomware resilience.
| Activities: | Outputs: | |
|---|---|---|
| 4.1 | Run a tabletop planning exercise with leadership. |
|
| 4.2 | Identify initiatives to close gaps and improve resilience. |
|
| 4.3 | Review broader strategies to improve your overall security program. |
|
| 4.4 | Prioritize initiatives based on factors such as effort, cost, and risk. |
|
| 4.5 | Review the dashboard to fine tune your roadmap. |
|
| 4.6 | Summarize status and next steps in an executive presentation. |
|