Consider this scenario…
Your employee clicks on an e-mail that looks just like any one of the hundreds of messages that flood their inboxes daily.
But this particular e-mail contains a hidden danger. When your employee opens the message, they inadvertently provide a gateway for malicious code to find its way onto several computers at your practice – locking up dozens of patient records.
Soon after that, you see a warning message flash across your screens telling you to pay a hefty fee if you want to see your data again.
Seems like something that is only possible in the latest blockbuster movie? Well, it’s not.
The Methodist Hospital in Henderson, Ky., Ottawa Hospital, King’s Daughters Health in Indiana, Hollywood Presbyterian Medical Center, Chino Valley and Desert Valley Hospitals in Southern California, and MedStar Health serving communities in Maryland and Washington, D.C. are all hospital systems that have fallen victim to attacks this year.
There is a specific name for the attacks – ransomware. It is a strain of malware that encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.
Generally, victims get infected with ransomware through phishing attacks that carry a malicious attachment or instruct recipients to click on a URL that downloads malware to their computer. But victims can also get infected through malware-infected advertising, or malvertising, if they visit a web site that is serving up compromised ads.
Last year, the FBI said 2,453 ransomware thefts resulted in $24 million in losses.
Why is healthcare a target?
Healthcare data is attractive to cyber criminals because of the richness and uniqueness of the information that the health plans, doctors, hospitals and other providers handle. Medical records sell for as much as 20 times the price of a stolen credit-card number, according to Dell SecureWorks.
What should you do if you are infected with ransomware?
Security firm KnowBe4 advises victims to disconnect infected systems from a network and disable Wi-Fi and Bluetooth to prevent the malware from spreading. They also advise victims to remove any USB sticks or external hard drives connected to an infected computer to prevent those from being locked as well.
If you are “lucky” enough to know what strain of ransomware is on your system, and if it’s well-known, there may be information published online by security firms or even tools that can bypass the encryption—if the attackers designed it poorly.
Short of that, the security firm says you have two options: pay the ransom or restore data from backups. The best action, of course, is to take steps to prevent attacks altogether.
How can you protect against cyberattacks?
The easiest way to deal with the problem in the short term, experts say, might be more straightforward than you would think. It comes down to educating your workforce. "You're still as vulnerable as your most gullible employee," John Halamka, Chief Information Officer and Dean for Technology at Harvard Medical School told the Christian Science Monitor.
For example, noticing that an e-mail contains misspelled words, or that its URLs or domain names are spelled wrong, can help an employee recognize an attempted scam. If an individual hovers the cursor over a link and the link reveals itself as a different address than the text suggests, that could also be a potential scam.
Patricia Skarulis, Senior Vice President and Chief Information Officer at Memorial Sloan Kettering Cancer Center, told HealthITSecurity that “It could also be beneficial for healthcare organizations to stage ongoing, corporate sponsored attacks against their own company.” Such exercises could help pinpoint employees who need additional training on detecting potential scams.
KnowBe4 also recommends configuring mail servers to block zip or other file types that are likely to be malicious. Most importantly, they tell organizations to restrict permissions to areas of the network. Instead of having thousands of people accessing files on a single server, they recommend breaking access into smaller groups so that if one server gets infected, it won’t spread ransomware to everyone. It also forces attackers to work harder to locate and lock down more servers.
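The two technical checks described above, a link whose visible text points somewhere other than its real address and an attachment of a type the mail gateway should block, can both be automated. The following Python script is an added example written for this article; it is not code from KnowBe4 or any of the organizations mentioned. It parses a constructed sample e-mail with the standard library, flags attachments whose file names end in a blocked extension (the extension list is an assumed starting point, not a published policy), and reports HTML links whose visible text looks like a URL on a different host than the href. It uses only the Python standard library and runs offline.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attachment extensions the gateway refuses. This list is an assumption for the
# example; a real deployment tunes it to its own environment.
BLOCKED_EXTENSIONS = {".zip", ".js", ".exe", ".scr", ".jar"}

# Visible link text that "looks like" a URL or bare domain, e.g. portal.hospital.example
URL_LIKE = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?$", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host name of a URL or bare domain ('' if none can be parsed)."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def mismatched_links(html):
    """Return (visible_text, href) pairs where the text names a different host than the href.

    This is the programmatic form of 'hover over the link and compare': a link whose
    displayed address differs from its real destination is a phishing indicator.
    """
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if URL_LIKE.match(text) and host_of(text) != host_of(href):
            findings.append((text, href))
    return findings


def blocked_attachments(msg):
    """Names of attachments whose extension is on the block list."""
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if any(name.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS):
            names.append(name)
    return names


def triage(raw_message):
    """Parse a raw RFC 5322 message and return both kinds of findings."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    return {
        "blocked_attachments": blocked_attachments(msg),
        "mismatched_links": mismatched_links(html),
    }


def build_sample():
    """Constructed sample e-mail: a zip attachment plus a link whose text disguises its target."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "staff@hospital.example"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please review the attached invoice.")
    msg.add_alternative(
        '<p>Review at <a href="http://login.example.net/x">portal.hospital.example</a></p>',
        subtype="html",
    )
    # Constructed placeholder bytes; not a real archive.
    msg.add_attachment(b"PK\x03\x04constructed", maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

The script is deliberately a gateway-side check rather than a user-side one: the e-mail is rejected or quarantined before anyone has to notice the misspelled domain, which is the point of KnowBe4's advice to block risky file types at the mail server rather than rely on every recipient being careful.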
Healthcare cyberattacks are not likely going to disappear or cease anytime soon. By regularly training employees, and keeping technical safeguards up to date, healthcare organizations will be taking important steps toward recognizing and preventing successful ransomware attacks.