The Institute for Critical Infrastructure Technology (ICIT) has deemed 2016 as the “year ransomware holds America hostage” and states that attacks will “wreak havoc on America’s critical infrastructure community.” As several healthcare facilities and providers have already fallen victim to ransomware, healthcare data security has become a top security issue and a regular headline in the news.
Pushed into a corner and faced with two options — to pay, or not to pay — facilities are scrambling to create an environment free from data breaches. Sadly, there seems to be no end in sight for healthcare ransomware attacks. No organization, regardless of size, structure, function or status, can assume it is safe from attacks, and simply ignoring the problem can invite even more chaos. Therefore, you must take all of the necessary steps to stop ransomware attacks in their tracks.
You may have questions — What is ransomware? What happens if my healthcare facility is a victim of a data breach? How can it be prevented?
Read on for answers to these questions, as well as other vital information regarding healthcare data security.
What is ransomware?
Techopedia defines ransomware as, “a type of malware program that infects, locks or takes control of a system and demands ransom to undo it. Ransomware attacks and infects a computer with the intention of extorting money from its owner. Ransomware may also be referred to as a crypto-virus, crypto-Trojan or crypto-worm.”
Typically, ransomware is installed when an individual opens an email attachment containing malicious content, downloads infected software, or visits a malicious website.
As a result, ransomware will cripple access to important data. Crypto ransomware encrypts data, while locker ransomware prevents users from accessing data completely. In order to gain access to its data again, an organization must pay up. Although this is not an old western film, the concept is the same. In a nutshell, an organization’s information will be held hostage until it pays the ransom.
How is ransomware dangerous to healthcare?
Once the money is paid to attackers, there is still no guarantee that the data will be released. This is exactly what happened to Kansas Heart Hospital. The hospital fell victim to a ransomware attack and paid to have its data unlocked. After payment, hackers demanded more money.
Kansas Heart Hospital is not alone.
- Alvarado Hospital Medical Center, located in San Diego, reported “malware disruption” back in April.
- Kentucky-based Methodist Hospital reported that its servers were infected with Locky ransomware, which copies vital files, encrypts them, and deletes them.
- Chino Valley Medical Center and Desert Valley Hospital, both located in California, reported attacks just last week.
- An incident at Elliot J Martin Chiropractic PC resulted in the disclosure of approximately 1,200 patient records.
- Earlier this year, Centers Plan for Healthy Living was the victim of a data breach after a computer was stolen. The computer contained vital information for 6,893 patients.
- Virtua Medical Group was the target of an attack, resulting in the disclosure of the records of 1,654 patients.
Again, it is not safe to assume you are immune — no organization, group, or individual is immune to these attacks.
The thought of hospital staff being denied access to patient records is scary and extremely dangerous. Without patient history, it is difficult to provide adequate care and, in some cases, this could mean life or death. Traditionally, hackers avoided breaching healthcare data. Many believe that they did not target healthcare facilities because the lives of others were involved.
Recently, there has been an increase in news coverage involving hospitals that have paid hackers to unlock information. Obviously, having access to patient data is critical in executing daily operations. Without adequate information, business comes to an abrupt halt.
We know this, hospital staff knows this, and hackers know this. Information acquired from attacks can include names, social security numbers, email addresses, phone numbers, mailing addresses, etc. Attaining this information is like striking gold. This has been one of the key factors in making the healthcare industry such an attractive target.
How can you prevent a ransomware attack?
First, it is important to diminish the chances of an attack by educating employees. Employees should be capable of identifying malicious emails and websites. Taking the necessary time and resources to teach employees key information regarding phishing attacks could prove beneficial not only to the organization, but also to the patients who know and trust you with their lives.
In addition, healthcare facilities must create and execute a cybersecurity plan of action. This must be continuously reviewed and updated, as needed. More healthcare organizations have reported that they are using third-party services to assist in their approach to data security.
Employee education and adequate technology are both important parts of fighting data breaches and avoiding standoffs with hackers. Both must continuously evolve. Consult with a Managed Service Provider to start creating your technology road map.