Healthcare has become a focus for ransomware hacks as healthcare is shifting to virtual care delivery and evermore digitized environments.
Ransomware is described by CSO Magazine as a form of malware that “encrypts a victim’s files.” Usually ransomware affects an organization through phishing emails or employee visits to an infected website. A ransomware attack means that patient data is encrypted rather than stolen; once a system environment is infected through an email with malware, cyber criminals will decrypt the data when demands for payment are met.
While ransomware can affect any company, healthcare organizations are popular targets because they often pay the ransom to restore files in order to not disrupt operations, protect highly sensitive patient data and protect the patient care process. A mix of technology and best practices can prevent such attacks in a virtual setting or office.
- Install trusted antivirus or anti-malware software on all devices, including allowed BYOD.
- Define a cyber-attack strategy and communicate it throughout the organization.
- Establish and execute an internal education protocol so that employees understand how ransomware is distributed and how phishing attempts can be spotted.
- Instruct employees to choose strong and unique passwords for all work and personal accounts, including mobile devices and wireless connections.
- Offer employees a password management tool.
- Partner with infrastructure and storage vendors to assure best practices, including routine server backups.
- Ensure all servers, workstations, and security tools have the latest updates and patches.
- Purchase a cyber insurance policy to cover multiple cyber-attack scenarios.
- Alert local law enforcement personnel and the FBI in the event of a ransomware attack.
- Schedule routine organizational downtime.
Organizations with legacy systems that link to ancillary solutions need to carefully assess the tradeoff between extending the use of legacy systems and cyber attacks. Cybercrime threats to US healthcare present greater risk as organizations embrace more digital processes. It is imminently important for health systems and hospitals to protect their network infrastructure.
To learn more about how ransomware has threatened some of the most sensitive data, health networks and hospital systems, read the article "Ransomware Attacks in Healthcare a National and Federal Concern."