Healthcare, Security, Medical Practice, Ransomware
Healthcare Fighting Back Against Ransomware
June 28, 2016
The concept of thievery isn't all that complicated. In fact, it's an old and obnoxious tradition that companies and individuals have been battling for centuries. In the modern age, however, theft has evolved into the kind of problem that requires millions of dollars and whole teams of security professionals to combat. Unfortunately, healthcare organizations have been hit hard in the past few years by various cyber data breaches, resulting in millions of records being compromised each year.
The most recent of these threats to healthcare data security comes in the form
of "ransomware," a type of malware that can infiltrate computers or networks
via email. The bug takes hold of hardware and internal records and keeps them
“hostage” until a ransom payment is made. This type of cyberattack has become
so persistent for healthcare organizations across the globe, from large to small,
that some are starting to get sick of repeated attacks-they're starting to find
ways to fight back.
According to some experts, ransomware has increased in popularity because of
a flood of stolen healthcare data records into the market. Since 2015 alone,
more than 100 million records have been stolen from healthcare organizations
in the U.S., including the roughly 79 million records stolen from Anthem, Inc.
(reported in February of 2015). Simple supply and demand laws dictate that the
more of something available, the less money you'll get for it. In order to refill
the coffers, cybercriminals have turned to making quick bucks by preying on
unwary consumers and businesses through ransomware.
While it's difficult to trace most of these ransomware attacks back to their
original source for prosecution, many are apparently originating from Romania,
U.S. criminal charges are unrealistic if not impossible. However, there are
other ways to go about discouraging and preventing attacks.
The best way to avoid falling victim to ransomware within your practice or
hospital is to be wary, proactive, and prepared. The following actions could
save you money and time by keeping your healthcare organization safe from
Keep your security up to date. To begin with, make
sure you have strong firewalls to protect your network, including several
layers of password protection to keep patient records safe and prevent healthcare
breaches. After the main levels are in place, take steps to ensure that
every update is installed promptly and that all security software is up-to-date
and fully operational. Effective healthcare data security relies heavily
on vigilant monitoring.
Educate your staff. Another important step is preventing
any doorways from being opened by unprepared staff. All members of your
team who have access to any healthcare records should be briefed on how
to maintain healthcare data security. This means that they should be able
to recognize phishing emails and ransomware upload attempts. They should
be capably versed in what information to give out over the phone without
verification and how to spot fraud if it arises. This kind of knowledge
only benefits your organization and helps prevent multiple types of healthcare
Create safe and reliable backups. If your organization
has not already invested in reliable backup storage, start researching now.
Should ransomware or any other type of malware infiltrate your systems,
effective backups and secondary record storage will allow you to wipe and
reboot systems to wipe away malicious software.
Do not give in. Whatever you do, don't give in to their
demands and make payment. If the cybercriminals are getting paid, then they
are going to keep doing it. Giving in hurts everyone in the industry and
leads to more healthcare breaches in the long run.
Be knowledgeable and prepared. Know your enemy. Well,
know them as best you can in this case. It's hard to get a good feel for
the exact threat when it comes to cybercriminals, but setting up strong
preventatives such as firewalls and email filters are a good start. Staying
on top of the issue is also important and that means subscribing to newsletters
and doing regular research. Set aside an hour a week to keep up on new
attacks and new trends in cybercriminal operations by doing searches or
checking regular IT news websites. Government organizations such as the
Department of Health and Human Services' Office for Civil Rights and the
Department of Homeland Security even offer advice on their websites for
data breach protection.
Ransomware may be a real threat for healthcare data security at the moment, but most bugs of this type can be prevented by caution and smart, proactive thinking. Whether your healthcare organization is small or large, take a moment to assess your current level of security against ransomware and other malware threats, and get ready. If you haven't been hit yet, it may only be a matter of time.
About the Author - Ashley Choate is a native of Jacksonville,
FL where she lives with her son, dog, and three cats. She graduated Magna
Cum Laude from Jacksonville University with a BA in English and holds an MAED
in Adult Education and Training. She lives for reading and writing, learning
and teaching, and figuring out the day-to-day traumas and joys of mommyhood.