A healthcare organisation can find itself in critical condition if attacked by ransomware — a type of malware that prevents or limits users from accessing their files unless a ransom is paid.
Verizon’s 2018 Data Breach Investigations Report discovered that ransomware accounts for 85% of all malware targeting the healthcare industry.
Ransomware attacks have been numerous in hospitals and other health facilities recently, and the consequences can be dire for providers and patients, who are denied access to their files and cannot receive the care they need.
“Many healthcare offices are not prepared to combat cyber attacks,” said Alex Zlatin, CEO of Maxim Software Systems and author of Responsible Dental Ownership.
“It can be a life-or-death situation if they can’t access data. So, they are more likely to pay up.
“Healthcare organisations are prime targets because of all the patients’ personal information they have to offer cyber criminals.
“It’s imperative they get up to speed on how to prevent such a nightmare scenario and know how to deal with a ransomware attack quickly.”
Zlatin offered ways for healthcare organisations to prevent or reduce the risks of ransomware attacks, and how they should respond if infected:
If attacked by ransomware
Isolate the infected computer immediately. “Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or shared drives,” Zlatin said.
Isolate or power-off affected devices. Those devices that have not been completely corrupted should shut down or be isolated. Zlatin said this can provide time to recover data and contain the damage.
Secure backup data or systems by taking them offline. “You’ll want to ensure backups are free of malware before using them to restore inaccessible data,” he commented.
Change online account passwords and network passwords. “After removing the system from the network, do this, and change all system passwords once the malware is removed,” Zlatin added.
To prevent attacks and mitigate risks
Train employees on cyber hygiene. “This is a healthcare organisation’s best defence against ransomware,” Zlatin said. “Cyber hygiene is not putting yourself in a situation where you’re surrounded by malicious links — like surfing the internet for personal reasons, opening emails from unfamiliar sources, going on Facebook or checking your Twitter feed from a workstation.”
Keep all systems secure. To remain compliant with HIPPA regulations in the U.S. and Canadian ones like PIPEDA, PHIPA and Alberta’s IHA, all systems that contain protected health information are required to stay up to date. “To protect against a ransomware threat, a similar approach must be taken so that all systems are secured against any potential vulnerabilities,” he added.
Monitor network traffic and file access. “Data breaches can be discovered by monitoring for unusual behavior within the systems,” Zlatin commented. “Detecting outbound connections can pinpoint the location of an infection.”
Back up all data. “If some or all of a system’s files get encrypted, restoring the files from a backup is the only recovery option,” added Zlatin. “Making sure that the backup restores properly is as important as having a backup from the get-go.”
Adopt additional protection. “Ransomware sometimes goes undetected by many antivirus tools,” he said, “and IT departments must apply safeguards to block suspicious emails and deploy additional filters that block potential harmful sites.”
“Providers can’t just hope an attack doesn’t happen to them. They must do everything they can to prevent it,” he concluded.