HIPAA and Ransomware: NCCoE/NIST Release Draft Guidelines for Ransomware Recovery

Draft guidelines for ransomware recovery have been issued by the National Cybersecurity Center of Excellence (NCCoE) and the National Institute of Standards and Technology (NIST). The guidelines – NIST Special Publication 1800-11 – apply to all forms of data integrity attacks.

SP 1800-11 is a detailed, standards-based guide that can be used by organizations of all sizes to develop recovery strategies to deal with data integrity attacks and establish best practices to minimize the damage caused and ensure a speedy recovery.

NIST says, “When data integrity events occur, organizations must be able to recover quickly from the events and trust that the recovered data is accurate, complete, and free of malware.”

NCCoE/NIST collaborated with cybersecurity vendors (GreenTec, HP, IBM, Tripwire, the MITRE Corporation and Veeam) to develop the guidelines, which will help organizations prepare for the worst and develop an effective strategy to recove from a cybersecurity event such as a ransomware attack. By adopting the best practices detailed in the guidelines, the recovery process should be smoother, critical business and revenue generating operations can be maintained, and enterprise risk can be effectively managed.

The NIST guidelines for ransomware recovery will help organizations prepare for an attack and develop strategies to allow them to restore data to the last known good configuration, identify the correct backup copies to use, and determine whether data have been altered or poisoned.

In the event of data alteration, organizations are shown how to identify the individual(s) who have altered data and determine the impact of data alteration on business processes. The guidelines also explain how businesses can ensure systems are free from malware during the recovery process.

The guidelines are split into three volumes: Volume A is an executive summary which is of particular relevance for business decision makers including CSOs and CISOs; Volume B outlines approach, architecture and security characteristics which will help technology and security program managers identify, understand, assess, and mitigate risk. Volume C includes how-to guides, including specific product installation, configuration, and integration instructions for a selection of software solutions and tools that can be used to help organizations recover from data integrity attacks.

The draft guidelines for ransomware recovery are open for comments and can be downloaded on this link.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.