Ransomware has become an increasingly important threat to hospitals as detailed in one of my recent notes (see: Hospitals and Ransomware; How Should Hospitals Protect Themselves?). An Israeli software company, Votiro, has been said to come up with what appears to be a solution to protect hospitals from ransomware. All of this was detailed in a recent article (see: Israeli system keeps hospital data safe from ransomware). Below is an excerpt from it:
Hospitals are no more vulnerable than anyone else to malware [such as ransomware], because most of it is delivered not through high-tech means that good cyber-defenses could protect against, but by decidedly low-tech phishing methods in which hackers send out scam emails with links or attachments loaded with a malicious payload that, once delivered, can quickly compromise a system. Hospitals, though, have more at stake than many other organizations, since they are accountable to patients, insurance companies, and government regulators....Votiro’s system prevents that malicious payload from getting onto a system in the first place. The company’s system “neutralizes” exploits by dissecting and reconstructing attachments and files that are sent in phishing messages – messages that appear to be legitimate, possibly from managers, friends, or other trusted sources. Unwitting recipients open these attachments and infect their own computers and networks, but Votiro then steps in, keeping those attachments in a special area where they can be checked, the problematic code can be removed and the legitimate data forwarded to the recipient. According to Votiro, it’s the only way to protect systems, as relying on the good judgment of users is not an option....The temptation to click on important-looking attachments is too great, according to this assessment; the best way to protect users from rogue files and attachments is to keep them away from users in the first place.
Hospital computer systems are often contaminated by ransomware using so-called phishing methods whereby hospital employees are persuaded to click on a link or innocently open an email attachment containing a computer virus. As explained in the excerpt above, hospitals cannot rely on the continuous good judgment of their computer users in such matters. The phishing emails are designed so that the recipients mistake them for important information relevant for their jobs and then click on a link or open an attachment to infect the system.
Votiro's software is said to "neutralize” malware software by dissecting and reconstructing email attachments and files that are embedded in phishing messages. I can't vouch for the quality of the software but the approach seems to be the correct one. Don't allow email into employee's in-boxes that poses even a remote threat of contamination with a virus. I suspect that sanitizing all inbound software has substantial costs in terms of the need for more computing power or delays in the delivery of email but, right now, there seems to be no better solution to this problem.