Protecting your systems from ransomware
The headline earlier this year was tough to miss: A hospital in Southern California paid $17,000 in ransom to hackers who had locked the provider out of its own electronic health record (EHR) system.
This method of attack is called ransomware, and while it’s grabbing a lot of attention right now, especially in the healthcare industry, it’s actually a hacking tactic that’s been around for nearly a decade.
So, what is ransomware? How does it work? And how can you protect your systems from a potential attack?
What is ransomware?
Ransomware is a type of computer virus employed by hackers to lock you (or your practice or even your entire healthcare system) out of important files or programs. How do they do that? They encrypt the data and use a key that only they know. A lock screen will appear on your computer, telling you that your data has been encrypted, and that the only way to unlock it is to pay the hackers by a set deadline. Sometimes the ransom amount is small, but in many cases, it’s a very large sum of money.
When ransomware first hit the scene, users who had never seen anything like it were scared. So when the screens appeared, they paid the money to have their computers unlocked, which instantly made ransomware an appealing strategy to hackers — it was a very easy way to make money quickly.
How does it enter the system?
In most cases, writes Joseph Conn of Modern Healthcare, ransomware begins with a simple email.
“They often begin with an e-mail attachment opened by an unwitting employee,” he writes (http://www.modernhealthcare.com/article/20160217/NEWS/160219920). “The email launches malicious code that crawls through the victim’s computer system, encrypting and locking up data folders and the computer’s operating system.”
The hackers spam a bunch of email addresses and hope that someone happens to open the email to launch the virus. That’s all it takes.
How can we prevent it from happening to us?
The best way to protect yourself from a ransomware attack is something we should all be doing anyway: thoroughly back up your system.
“At its core, ransomware exploits people’s unwillingness to back up their most precious data and files onto a separate hard drive that is completely disconnected from their main PC or network,” writes Chris Stobing of Digital Trends (http://www.digitaltrends.com/computing/what-is-ransomware-and-should-you-be-worried-about-it/#ixzz4G86tob73).
Healthcare networks have become an appealing target to hackers because hospitals are less likely to have backups and are more likely to pay the ransom … because the difference between having the data and not having the data could quite literally be the difference between life and death for patients. (The aforementioned Southern California hospital — Hollywood Presbyterian Medical Center — used paper records for a week while it was locked out of its system.)
Other prime targets for ransomware, according to cybersecurity expert Lillian Ablon, are schools and small businesses … for the same reason: a lack of a backup.
Last month, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a special statement regarding ransomware attacks and their impact on HIPAA protection. The OCR recommends specific tactics including limiting access to protected health data to only those who need it, conducting a risk analysis of your system, training your staff to immediately report any issues, and, yes, establishing frequent data backups.
(Read more about the OCR’s recommendations: http://www.healthleadersmedia.com/leadership/cms-offers-hipaa-guidance-ransomware#)
Will ransomware go away?
So, first, some good news: In addition to backing up your system to minimize the effect of a potential ransomware attack, antivirus software is starting to catch up with the hackers’ tactics and to block some potential risks.
But the bad news is that ransomware isn’t going away anytime soon. In fact, experts are predicting more healthcare systems will come under similar attacks in the future.
“Unfortunately, (ransomware is) the next big thing everywhere,” Hussein Syed, a chief information security officer at a healthcare organization, told Modern Healthcare (http://www.modernhealthcare.com/article/20160217/NEWS/160219920).
In a recent study conducted by the security engineering research team at Solutionary, 88 percent of all ransomware attacks were on hospital or other healthcare systems.
“As the threat continues to evolve, it will be crucial for organizations to have defined incident-response procedures and proper detective and preventive controls in place to reduce ransomware’s impact,” said Rob Kraus, director of research at Solutionary.
So what’s the moral of the story? If you don’t have a backup system already in place, don’t wait. Set one up now. You never know when you may need it.
Healthleaders Media: http://www.healthleadersmedia.com/leadership/cms-offers-hipaa-guidance-ransomware#
Modern Healthcare: http://www.modernhealthcare.com/article/20160217/NEWS/160219920