Analecta Cyber Company Blog: Quick Ransomware Response to SAVE your Healthcare Practice

2016-05-29

Quick Ransomware Response to SAVE your Healthcare Practice

The Ransomware threat

The healthcare industry is facing serious challenges already in 2016, with more than half of all hospitals encountering ransomware according to a recent Healthcare IT News and HIMSS report. The damage and costs of these attacks are substantial and require serious consideration for small healthcare practices.

Ransomware is a form of malicious software, or malware, that denies the target the accessibility of information. The attackers promise to return access to the files after you have paid a ransom - often through anonymous bitcoin or other anonymous currencies.

Unfortunately, this malware uses military-grade encryption to lock these files away. This encryption cannot be undone in many cases. New forms of this ransomware continue to be developed - Analecta has cataloged more than 100 strains of ransomware.


Impact

Many healthcare practices have fallen victim of ransomware in 2016. Early in the year the Hollywood Presbyterian Medical Center paid a $17,000 ransom to attackers after the hospital network became inoperable.

Recently the Kansas Heart Hospital paid the ransom to receive their data back from the attackers. The hackers tried to extort a second payment from them.

Desert Valley Hospital, MedStar and Kentucky Methodist Hospitals have also been attacked (covered previously by Analecta).

As larger healthcare practices improve defenses against these threats you can anticipate a shift towards smaller practices.

Improving Security

Basic proactive security practices are the best way to avoid threats like these.

Here are some quick, simple actions you can take that may SAVE you if you're attacked by crypto ransomware.

1. Set a policy that establish best practices and ensure computers are only used for their intended purpose.

2. Activate a simple procedure for staff to follow if they see evidence of crypto ransomware. The best practice to date is to unplug the computer.

3. Verify you are able to read the backed up data on a monthly basis. Back up your ePHI data regularly.

4. Ensure your computer systems are up-to-date with the latest software and operating system patches to reduce your risk to these, and other, cyber threats.

Finally it's important understand that being attacked by crypto ransomware does not automatically mean that you have encountered a HIPAA violation. In many cases crypto ransomware operates by encrypting data locally and only sends the secret unlock key to the attackers. In scenarios like this the attackers never viewed, accessed or downloaded electronic health information - they simply made it unavailable to you.

If you believe you have encountered ransomware, give us a call at 410-379-5483 so we can help identify the threat and determine your best way forward to keep your practice healthy!