Dr. Kissinger is Interviewed by SC Media
Bryan Kissinger is the CISO for Banner Health, an $8.5 billion chain of 28 hospitals along with physician groups, long-term care centers and outpatient surgery centers in six states. Kissinger argues that his security team has done everything it can think of to thwart a ransomware attack.
“We’re preparing ourselves as best as we can,” Kissinger says. “We don’t allow our workforce to have administrative privileges on end-user devices.”
That restriction on administrative privileges is a key part of Banner’s defense strategy. Given that the typical ransomware attack involves attachment malware intended to compromise administrative credentials, “we attempt to head that part off. Our remedy would be to flush the system and reload it from a clean backup.”
Because Banner backs up everything on the network, including applications, data and operating systems, there is always a risk that the malware itself is captured in a backup, so “we try and go back to a good time.” But by sharply limiting who has administrative privileges, Kissinger hopes an attack would never touch any of the backups.
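The "go back to a good time" restore logic described above, as an added Python example that is not from the article and not Banner Health's own tooling. It assumes a hypothetical backup catalogue of timestamped snapshots, an estimated compromise time from the incident investigation, and an offline manifest of SHA-256 hashes recorded when each backup was taken; the snapshot contents and dates are constructed sample data. The selection rule is: take the newest snapshot strictly older than the compromise time, and accept it only if its hash still matches the manifest, so a backup that was later altered is skipped rather than restored.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Snapshot:
    """One backup snapshot: when it was taken, its catalogue label and the
    captured content. Constructed for this example; a real catalogue would
    point at backup storage rather than hold bytes in memory."""
    taken_at: datetime
    label: str
    content: bytes


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pick_clean_restore_point(
    snapshots: List[Snapshot],
    compromise_time: datetime,
    manifest: Dict[str, str],
) -> Optional[Snapshot]:
    """Return the newest snapshot taken strictly before the estimated
    compromise time whose SHA-256 still matches the offline manifest.
    Snapshots taken at or after the compromise are never candidates, and a
    pre-compromise snapshot that no longer matches its recorded hash is
    skipped as untrustworthy. Returns None if nothing qualifies."""
    candidates = [s for s in snapshots if s.taken_at < compromise_time]
    for snap in sorted(candidates, key=lambda s: s.taken_at, reverse=True):
        expected = manifest.get(snap.label)
        if expected is not None and sha256_hex(snap.content) == expected:
            return snap
    return None


def snapshots_to_quarantine(
    snapshots: List[Snapshot], compromise_time: datetime
) -> List[str]:
    """Labels of snapshots taken at or after the compromise; these may
    contain the malware and should be held for forensics, not restored."""
    return [s.label for s in snapshots if s.taken_at >= compromise_time]


# --- constructed sample data (not real backups) ---------------------------
UTC = timezone.utc
GOOD_DAY1 = b"records-db day1"
GOOD_DAY2 = b"records-db day2"
GOOD_DAY3 = b"records-db day3"

# Manifest hashes recorded at backup time and kept offline.
MANIFEST = {
    "day1": sha256_hex(GOOD_DAY1),
    "day2": sha256_hex(GOOD_DAY2),
    "day3": sha256_hex(GOOD_DAY3),
}

# The day2 snapshot was modified after its hash was recorded (simulated
# tampering), and day3 was taken after the intrusion began.
SNAPSHOTS = [
    Snapshot(datetime(2024, 1, 1, 2, 0, tzinfo=UTC), "day1", GOOD_DAY1),
    Snapshot(datetime(2024, 1, 2, 2, 0, tzinfo=UTC), "day2", GOOD_DAY2 + b"+altered"),
    Snapshot(datetime(2024, 1, 3, 2, 0, tzinfo=UTC), "day3", GOOD_DAY3),
]
COMPROMISE_TIME = datetime(2024, 1, 2, 12, 0, tzinfo=UTC)


def demo() -> Optional[str]:
    """Run the selection on the sample data and return the chosen label."""
    chosen = pick_clean_restore_point(SNAPSHOTS, COMPROMISE_TIME, MANIFEST)
    return chosen.label if chosen else None


if __name__ == "__main__":
    print("restore from:", demo())
    print("quarantine:", snapshots_to_quarantine(SNAPSHOTS, COMPROMISE_TIME))
```

On the sample data the day2 snapshot is newer than day1 but fails its manifest check, so the function falls back to day1; day3 post-dates the compromise and is listed for quarantine. Keeping the manifest on separate, write-once storage is what makes the hash check meaningful: an attacker with administrative access to the backup host could otherwise update both the snapshot and its recorded hash.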
When asked about whether his firm, if indeed caught in a ransomware web, would ever pay ransom, he says he would recommend such a payment in only a few circumstances, such as if the system was “hopelessly locked and if the ransom is lower than our operating costs to repair the damage.”
Kissinger adds that it is hardly practical to have an ironclad policy against ever paying such a ransom. “I think anyone who says flat out ‘no’ is not being realistic.”
But if it ever happened, Kissinger says, his top priority would be identifying how the attacker got in and patching that hole. “We would try and close the threat vector so they can’t just attack again” after the ransom is paid, he says.
The question of whether paying encourages more ransomware is a difficult one to answer, which is why most companies that pay do everything they can to keep the payments secret.