What You Need to Know About Ransomware Attacks


Ransomware attacks have filled the news and headlines lately, causing much alarm among consumers and organizations, especially in health care.


What are ransomware attacks?

Ransomware is a type of malicious cyberattack.  Ransomware works by taking something valuable to you and holding that information hostage until you pay a fee. 


Ransomware infects your computer with a virus, most likely by tricking you into clicking on a link or downloading a file in a phishing email.  These emails are disguised as communication coming from a trustworthy entity, such as a vendor you work with.  Once you click on the link or attachment, the ransomware encrypts your computer's hard drive.  It then locks you out of all of your files and threatens to destroy them unless the ransom is paid.


Am I at risk?

Health care in particular has been seen as a target for ransomware attacks for a couple of reasons.  The health care industry as a whole is not as mature as other industries in its cybersecurity protection.


Health care providers also have a history of actually paying the ransom demands.  This is mainly because health care providers are under more pressure to get their systems up and running, since their data can affect patient lives.


How can ransomware attacks be prevented at my practice?

Health care organizations can do their best to prevent a ransomware attack by having the following controls in place:

  • Select the most secure vendors and up-to-date software for your organization

  • Make sure your practice has robust security software in place, including anti-virus, anti-malware, email filtering, and firewalls

  • Make sure your vendors are compliant with health care and payment regulations including HIPAA & HITRUST

  • Train your employees on ransomware attacks, and how important their role is in preventing them


Many organizations still have the mentality that this will never happen to them.  The reality is that health care organizations are a target and need to be more proactive in their security.  Training your employees and having the proper security software in place can help keep your practice from facing the reputational and financial risk of a ransomware attack.

