If you work in healthcare, chances are you have heard of a medical practice experiencing ransomware but what you may not have heard about was how the medical practice dealt with the ransomware attack. Most healthcare practices don’t have the time to deal with a ransomware attack. They just want to get their patient data back and get back to seeing patients as fast as possible.
What is ransomware?
Ransomware is a type of malware that works by locking you out of your system to prevent you from accessing data until you pay a ransom (get it? RANSOMware.), usually demanded in bitcoin currency. However, the attacker can still access your data using a private key that only they possess.
Once you experience a ransomware attack, there is no way for you to access your data unless the attacker provides you a decryption key or recover the data from backups.
Ransomware has become a widespread issue with attacks on healthcare practices on a regular basis. This is primarily due to the lack of physical security many healthcare practices have in their computer systems and also due to the significant value of medical records on the black market when associated with identity theft.
Without access to their patient’s medical records healthcare practices cannot provide care for these patients, which means the healthcare practice is more likely to pay the ransom instead of reporting it to authorities.
There are thousands of hackers out there right now targeting healthcare practices because they know healthcare professionals need to access patient data and if they can’t then, they will pay to get it back. If they can obtain the data, it is also being sold on the dark web and associated with millions of identity theft victims.
What do you do in these situations? There aren’t many choices that seem like a good one. You could scrap your data if you have backed up your data in another location and not pay the ransomware. Or you could pay the ransom so you can quickly access your patient data to return seeing your patients. However, once you pay the ransom, attackers will repeatedly target you because they now know you will pay to get your patient data back.
After you have had an attack, what are you doing to prevent it from happening again in the future?
So how does ransomware target healthcare practices?
Usually, ransomware is carried out through phishing attacks that carry a malicious attachment or instruct recipients to click on a URL that downloads malware to their computer.
Healthcare practices can also be infected with ransomware if they visit a website that features compromised advertisements. Therefore companies, especially healthcare practices, should always monitor the websites their employees are visiting to make sure they do not mistakenly download a virus or malware.
If you’ve been hit with ransomware or not, protecting your network from these types of attacks is now an integral part of any network security framework for both individuals and companies.
Protecting yourself from intrusions and attacks requires securing your main layers of defense. If you consider a computer network to consist of a series of segments that any malware or virus needs to penetrate, the outermost layer will comprise the users. After all, it takes a single user’s interaction to initiate or allow a network intrusion.
Only AFTER a user has clicked or visited a malicious link/site will your secondary and tertiary layers (firewalls and antivirus) come into play. Thus, the very first layer you will need to harden is that of the human operator. It is only in recent years that the importance of this layer of security has come to be recognized.
Often software is relied upon as a catch-all for these types of situations. Software just by itself is not enough anymore; users must be trained to prevent such attacks from happening in the first place.
We help clients by offering solutions such as our Employee Security Awareness Program.
Why should you back up your data?
The last piece of the puzzle in any ransomware protection must include a regular backup of your files as well as a regularly TESTED restore procedure.
With so many options available for both on-site backup solutions and cloud-based backup solutions, there is no reason any user or company should not have a very regular backup of files.
Restoring from a recent backup is the ideal solution to any ransomware infection. In the past, backup options were costly and required regular check-ups and maintenance.
Now, with cloud storage like Datto Backup, Datto Backupify, and more, combined with the ever-falling price of storage media these days, backups are not an optional part of operating a computer: they are an absolute necessity.
In a practice environment, if your company is not making regular and redundant backups of vital files, it is only a matter of time before catastrophic failure. No hard drive lasts forever, and computers can fail or be subject to all manner of data-destroying events.
To help prevent your backups from being compromised, you should always have an off-site or redundant backup in place. If your backed-up data are easily accessible by a computer infected with ransomware, don’t be surprised if your backups are encrypted as well!
We offer several backup solutions to protect your practice. Having off-site and recent backups are standard “best practices” for backup procedures against ransomware.
Prepare for the worst by always having a plan B.
Plan Backup that is!