A growing number of hospitals and other health care providers are falling victim to ransomware attacks, leading to concern that millions of patient records — not to mention care delivery itself — could be compromised.
Ransomware is a specific type of malware in which attackers encrypt data, or otherwise block access to systems, and offer to restore access only when the victim pays a ransom. In many cases the data is not exposed or sold (although some groups threaten to, and some follow through), but the demanded amount often increases the longer the ransom goes unpaid. Such an attack is disruptive to any organization: without the attackers' key the encrypted data cannot be recovered, so refusing to pay means rebuilding databases and systems from backups, and if no clean backups exist the data is simply lost.
And health care organizations, hospitals in particular, are especially vulnerable to ransomware attacks. For starters, health care organizations are more likely to treat a ransomware attack as an emergency, and therefore pay the ransom to restore access. When patient information, and possibly lives, are on the line, there is no time to waste, and paying often looks faster than restoring the system from backups, even though payment does not guarantee recovery.
Second, attackers have learned that in many cases health care security strategies are inadequate at best. For many providers, security efforts focus on protecting patient privacy as required by HIPAA rather than on an overall cyber security program. So while patient personal information is protected, other systems may not have the same level of protection, leaving them vulnerable to attack.
Another issue? Many health care employees simply aren’t trained in cyber security protocols, particularly when it comes to identifying phishing messages. Most ransomware attacks stem from phishing, but according to one survey of health care IT decision makers, training and education for end users is one of the lowest priorities in the overall security strategy.
As a home health agency, you undoubtedly rely on home health care software and remote access, as well as complex databases, to manage your business. A ransomware attack could prove devastating to your business, particularly since the typical ransom runs into the tens of thousands of dollars — and paying it doesn’t always guarantee that you’ll regain access to your data. Instead, it’s better to focus on preventing the attacks in the first place, which you can do by taking a few strategic steps.
Protecting Your Agency Against Ransomware
The best way to protect your agency from falling victim to a ransomware attack is to understand how the attacks occur, and again, it is most often the result of someone opening a malicious attachment or link in a phishing email.
Therefore, employee training in detecting and avoiding malware attacks is key. Train employees to recognize the signs of a fraudulent email, and to avoid opening attachments or links they were not expecting. Robust antivirus protection on all devices, including mobile devices used in the field, is a must, and you should also consider email filtering with sandboxing capabilities.
Some of the more advanced options scan incoming email to determine whether the sender is known to your organization, and route messages from new or unfamiliar senders to a sandbox for further scanning before delivery. Many also strip or quarantine attachments, particularly those with .zip or .exe extensions (and other archive or executable types), which are the most likely to carry the harmful code; a good filter also looks inside archives and checks what a file actually is rather than trusting its name.
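The following is an added example of the attachment screening just described; it is illustrative code written for this article, not Complia Health's product or any vendor's filter. The block list, the set of known senders, the file names and the sample messages are all assumptions constructed for the demo. It shows the checks a gateway performs: unfamiliar senders and archives go to the sandbox, executables are blocked even when renamed to look like a PDF, and archives are opened (to a limited depth) so an executable hidden in a .zip is caught.

```python
"""Added example: a minimal email-attachment screener of the kind the
filtering above performs. The block list, sender list and sample messages
are assumptions made for this demo, not any vendor's actual policy."""
import io
import zipfile

# Assumption: a representative gateway block list. Real products use far longer lists.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs",
                      ".ps1", ".hta", ".msi", ".jar", ".lnk"}
# Office formats that can carry macros: deliver only after detonation in a sandbox.
MACRO_CAPABLE = {".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm"}
ARCHIVE_EXTENSIONS = {".zip"}
PE_MAGIC = b"MZ"        # every Windows executable starts with these two bytes
MAX_NESTING = 3         # zips inside zips inside zips: stop inspecting and sandbox
RANK = {"allow": 0, "sandbox": 1, "block": 2}


def extension_of(name):
    """Last extension, lowercased, so 'Invoice.PDF.exe' -> '.exe'."""
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def screen_attachment(name, data, depth=0):
    """Return (verdict, reason) for one attachment; verdict is block/sandbox/allow."""
    ext = extension_of(name)
    if ext in BLOCKED_EXTENSIONS:
        return "block", f"executable extension {ext}"
    if data[:2] == PE_MAGIC:
        # The name says .pdf, the bytes say Windows executable: trust the bytes.
        return "block", "content is a Windows executable regardless of its name"
    if ext in ARCHIVE_EXTENSIONS:
        if depth >= MAX_NESTING:
            return "sandbox", "archive nested too deeply to inspect"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:
                        # Password-protected member cannot be scanned, so detonate it.
                        return "sandbox", f"encrypted member {info.filename}"
                    inner, why = screen_attachment(info.filename, zf.read(info), depth + 1)
                    if inner == "block":
                        return "block", f"{info.filename} inside archive: {why}"
        except zipfile.BadZipFile:
            return "block", "malformed zip"
        return "sandbox", "archive without obvious executables; detonate before delivery"
    if ext in MACRO_CAPABLE:
        return "sandbox", f"{ext} document may carry macros"
    return "allow", "no indicator"


def screen_message(sender, attachments, known_senders):
    """Strictest verdict across the sender check and every attachment."""
    verdict, reasons = "allow", []
    if sender.lower() not in known_senders:
        verdict, reasons = "sandbox", [f"unfamiliar sender {sender}"]
    for name, data in attachments:
        v, why = screen_attachment(name, data)
        if RANK[v] > RANK[verdict]:
            verdict = v
        reasons.append(f"{name}: {why}")
    return verdict, reasons


def build_zip(members):
    """Constructed sample archive: {filename: bytes} packed in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample messages, not real mail.
    known = {"billing@partner.example"}
    samples = [
        ("billing@partner.example", [("statement.txt", b"Balance due: $0")]),
        ("hr-update@unknown.example", [("Invoice.PDF.exe", b"MZ\x90\x00")]),
        ("scan@printer.example", [("scan.zip", build_zip({"scan.pdf": b"MZ\x90"}))]),
    ]
    for sender, atts in samples:
        print(sender, screen_message(sender, atts, known))
```

The extension check alone would miss the third sample (a "PDF" inside a zip that is really an executable), which is why the screener inspects bytes and archive members rather than names. A real gateway would additionally cap member sizes before extracting (zip bombs) and hand anything it cannot inspect, such as password-protected archives, to a detonation sandbox rather than delivering it.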
In addition to protecting email, restricting administrator privileges is a key part of protecting against malware. Give users only the permissions their roles require, and separate the network into segments so that an infection in one area cannot spread to others. Ransomware can only encrypt what the compromised account can reach and write to, so limiting each account's write access directly limits the damage.
The potential for a ransomware attack also underscores the importance of a comprehensive backup plan and a business continuity plan. Some particularly nasty ransomware deliberately seeks out and encrypts or deletes backups so that restoring the system is not an alternative to paying. A process for secure backups prevents that: keep copies on storage the compromised machines cannot write to (offline or otherwise unwritable), keep multiple dated versions rather than overwriting one copy, and test restores regularly so you know the backups are intact before you need them.
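As an added illustration of the versioning and restore-testing just mentioned (example code written for this article, not Complia Health's tooling), the script below writes each backup as a new dated directory with a SHA-256 manifest, then simulates ransomware encrypting the working copy and shows that the manifest proves the backup is intact and that a test restore is exact. The directory names, file names and sample records are constructed for the demo; the one thing a script cannot demonstrate in-process is the physical part of the rule, namely that the backup root must live on storage the production hosts cannot write to.

```python
"""Added example: one element of a backup process that survives ransomware.
Each run writes a new, dated backup version plus a SHA-256 manifest; the
manifest proves the backup is intact and that a test restore is exact.
Paths and sample records are constructed for this demo."""
import hashlib
import json
import os
import shutil
import tempfile
import time


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root):
    """{relative path: sha256} for every file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            manifest[os.path.relpath(p, root)] = sha256_file(p)
    return manifest


def make_backup(src_dir, backup_root, label):
    """Copy src_dir to a new version directory and write its manifest.
    Versions are never overwritten, so backing up an already-encrypted
    working copy tomorrow does not destroy today's clean copy. In production
    backup_root must be on storage the source host cannot modify (assumption:
    this demo keeps everything in one temp directory for simplicity)."""
    dest = os.path.join(backup_root, label)
    shutil.copytree(src_dir, dest)          # raises if the version already exists
    manifest = hash_tree(dest)
    with open(os.path.join(backup_root, label + ".manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2)
    return dest, manifest


def verify_against(root, manifest):
    """Relative paths that are missing or whose contents differ from the manifest."""
    return sorted(rel for rel, digest in manifest.items()
                  if not os.path.isfile(os.path.join(root, rel))
                  or sha256_file(os.path.join(root, rel)) != digest)


def restore(backup_dir, target):
    """Test restore into a fresh directory; verify it with verify_against()."""
    shutil.copytree(backup_dir, target)
    return target


def simulate_encryption(work_dir, key=0x5A):
    """Stand-in for ransomware: XOR each file's bytes and rename it *.locked."""
    for dirpath, _, files in os.walk(work_dir):
        for fn in files:
            p = os.path.join(dirpath, fn)
            with open(p, "rb") as f:
                data = f.read()
            with open(p + ".locked", "wb") as f:
                f.write(bytes(b ^ key for b in data))
            os.remove(p)


def run_demo():
    """Back up, get 'hit', then check working copy, backup and test restore."""
    base = tempfile.mkdtemp(prefix="backup-demo-")
    work = os.path.join(base, "agency-data")
    os.makedirs(work)
    # Constructed sample records, not real patient data.
    for name, text in {"patients.csv": "id,name\n1,Jane Doe\n",
                       "visits.csv": "id,date\n1,2024-01-02\n"}.items():
        with open(os.path.join(work, name), "w") as f:
            f.write(text)
    backups = os.path.join(base, "backups")
    os.makedirs(backups)
    backup_dir, manifest = make_backup(work, backups, time.strftime("%Y%m%dT%H%M%S"))
    simulate_encryption(work)
    result = {
        "working_copy_damaged": verify_against(work, manifest),
        "backup_intact": verify_against(backup_dir, manifest),
        "restore_exact": verify_against(restore(backup_dir, os.path.join(base, "restored")), manifest),
    }
    shutil.rmtree(base)
    return result


if __name__ == "__main__":
    print(run_demo())
```

The manifest is what turns a backup from a hope into evidence: run `verify_against` on a schedule and a backup that has been silently encrypted or deleted shows up as a list of failing paths long before an incident forces the question.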
If You’re Attacked
While health care providers are particularly vulnerable to ransomware attacks, in many cases such attacks are crimes of opportunity. That calls for constant vigilance, but even among the most vigilant organizations, attacks still happen.
If your agency is struck by ransomware, do not panic. The first thing to do is isolate the affected machines: disconnect them from the network, turn off Wi-Fi and Bluetooth, and unplug any external drives so those are not encrypted as well. Do not wipe or reimage anything before your IT team or investigators have recorded the ransom note and preserved the evidence they need; identifying the strain often matters for recovery. If the ransomware is a known family, your IT team may find published removal instructions or decryption tools. In most cases recovery means cleaning the affected systems and restoring data from backups.
In addition, if you are a victim of ransomware, the Department of Health and Human Services recommends that you contact your FBI Field Office Cyber Task Force or your local U.S. Secret Service field office for assistance and further instructions. These agencies can investigate, may already have intelligence or tooling for the particular strain, and can advise on next steps. Keep in mind that under HHS guidance, ransomware that encrypts electronic protected health information is presumed to be a HIPAA breach unless you can show a low probability that the information was compromised, so your compliance and notification obligations start at the same time as your recovery.
Ransomware can be disruptive and costly to your business, so it’s important to protect against it. To learn more about solutions that can help keep your business running smoothly and securely, click here to check out Complia Health’s resources.