Just how susceptible is the healthcare industry to ransomware attacks?
Very susceptible. In fact, according to a recent threat report by Cylance, healthcare now experiences the most ransomware attacks of any industry. Ransomware attacks overall grew 300% in 2017, and an astounding 85% of all malware attacks occurred in healthcare.
Why is healthcare such a frequent target?
The most obvious reason is that healthcare data is highly personal and usually accompanied by an individual’s financial information. Personal medical information is considered to be worth a lot more than a credit card number on the black market these days. While credit card data theft can be quickly reported to banks, medical data theft is more insidious. Criminals can use the stolen information to create fake IDs to purchase medical equipment or drugs for resale. They’ve also been known to combine patient numbers with false provider numbers to file fictitious insurance claims. And, it usually takes individuals a long time to realize they’ve been scammed.
Healthcare IT has also been painfully slow in updating its legacy systems to address cyberthreats. It’s ironic that an industry like healthcare that lags behind in advanced security measures still retains so much trust among consumers. According to a recent Accenture study, 88% of consumers trust their healthcare providers to keep their digital data secure. And the percentages for hospitals and pharmacies are almost as high: 84% and 85% respectively.
What precautions can your healthcare customers take to prevent ransomware attacks?
- Make sure all operating systems and software are kept up-to-date with relevant patches. This applies to all devices—desktops, laptops, smartphones and tablets.
- Back up data frequently (at least daily) and, if possible, to an external location.
- Remove all desktop protocol connections accessible from the internet.
- Install reputable antivirus software and up-to-date firewall technology.
- Make sure email servers employ content scanning and filtering. Inbound emails should be scanned for known threats and risky attachment types should be blocked.
- Instruct all employees not to provide personal information when answering emails, unsolicited phone calls, and text and instant messages and to contact the IT department if they receive suspicious calls. When they’re traveling, employees should notify the IT department ahead of time—and make sure to use a trustworthy Virtual Private Network (VPN) to access public Wi-Fi.
- Conduct internal threat assessments at least once a year.
What should customers do if they fall victim to a ransomware attack?
It’s pretty much a universal opinion that companies that experience a ransomware attack should NOT pay the ransom. They should take other measures instead:
- Disconnect the infected device from the internet—and, if necessary, other devices that could affect the safety of the network. It’s important to keep the attack from spreading.
- Research the situation using information in the ransom note. Enter the email address, the name of the ransomware, and the text of the note into a search engine for clues. The perpetrator may be bluffing and there may be an available encryption decoder that can work,
- If possible, remove the ransomware. If it’s a simple ransomware virus, malware removal software may work to clean it up. More aggressive forms may require the help of a security expert.
- Try reinstalling the operating system and rebuilding files from the backups.
- Notify law enforcement, ideally the nearest FBI office, of the attack.
It’s important for your healthcare customers to be prepared.
As their trusted IT advisor, you need to impress upon them the importance of updating their security infrastructure. Ransomware attacks can be costly—not just to a company’s finances but also to their reputation. Being prepared and vigilant are essential.