Cyber Criminals Targeting Healthcare Practices
Get to know these cyber criminals by watching our presentation on the history and current efforts of Cybercrime.
Why Cyber Security is More Important than Ever for Medical Practices
Cyber Security is no longer just a buzzword, it is now a legitimate threat. Having already conquered large corporations such as Target, Sony, and Anthem, cyber terrorists are now focusing their attentions on medical practices.
Stories about hospitals falling victim to cyber-attacks are littering the news, like the hospital in California whose operations were restricted for more than a week while their patient data was held ransom for $3.6 million (read more here). Most recently and in our own backyard, a Washington-DC based MedStar Health hospital network was hit with a separate ransomware attack that became the largest of its kind to be reported in the mainstream media (read more here).
What Is Ransomware?
Ransomware is the cyber-attack that poses the biggest threat to medical practices. Most oftentimes conducted through a seemingly harmless email attachment or website link, an unsuspecting employee will relinquish access to a practice’s systems through one single click. Once opened, the virus will install itself on the offender’s computer and continue installing itself on all systems that the original computer is connected to – servers, file shares, networked devices, etc. As it accesses each new location, it encrypts and hides all data, making it inaccessible to all users and instead demands a ransom to be paid in exchange for the safe return of what was held captive.
These ransoms are generally paid in bitcoins, an internet currency that is nearly impossible to trace, in a Deep Web transaction, further masking the identity of the attacker and origination of the attack. Victims that are forced to pay the ransom are often charged $400-600 dollars, but recent attacks on healthcare companies have demanded a much larger sum, with one hospital paying more than $17,000 to rescue their data.
Why is Healthcare at Risk?
These targeted intrusions are zeroing in on healthcare practices because there is a large amount to gain. First of all – money. These criminals know the value of a practice’s patient data to their everyday business functionality. By restricting or removing a practice’s access to an integral part of their operations, they know that a practice will be willing to pay considerable sums of money to regain use. In addition, holding data ransom gives attackers access to more than names and social security numbers. Medical records hold deeply personal information, which can be used with malicious intent against specific individuals in prominent or powerful positions. Even though healthcare institutions hold an almost unsurmountable amount of sensitive data, they are ranked as one of the least secure and most easily infected industries – leaving practices open to major costs for restoration and fines for non-compliance.
How to Combat being Attacked
While even the most fortified practices can be compromised by increasingly clever intruders, there are steps that can be taken to strengthen your virtual defenses.
Backup your data. In the event of a ransomware infection, an effective backup of data will prevent any need for payment and release of captive data, as a simple restore will be able to
Keep all systems up to date. This includes installing the latest patches to workstations and servers, replacing End of Life devices (computers running XP, servers running Windows Server 2003, etc.), and maintaining a manufacturer’s warranty on all hardware. Attackers seek outdated devices and exploit known vulnerabilities, leaving your systems easily accessible.
Train your staff. The majority of attacks are instituted unknowingly by an errant click by an unsuspecting user. Ensure all staff members know not to open attachments from unfamiliar sources or click suspicious links. If unsure, employees are urged to call and ask us to investigate before clicking. We are more than happy to help!
What to do if You Think You’re Infected
Ransomware is a quiet attacker, stealthily encrypting data and spreading itself in the background, so it may be days before you notice that you have been infected. As soon as you suspect you’ve been hit, follow the below steps:
Shut down immediately. If you believe your computer has been compromised, immediately disconnect and shut down your machine. This can help to prevent spreading the attack to further systems.
Call IT. Your IT provider will help you through the steps of remediation, including alerting law enforcement. If you have been vigilant about backing up your data, we can help replace the files that have been compromised; if not, we can help facilitate Bitcoin payment and rightful restore of your information.
Watch an Infection Happen in Real Time