Recent news stories highlight how some hospitals in the United States have fallen victim to “ransomware” attacks. This malware locks up computers until the ransom amount, usually in the form of bitcoins, is paid to the hacker. When a healthcare entity is hit, the medical records of patients are jeopardized. Patient medical records are important from the point of view of healthcare; they are also important legal documents used for medical records review in medical litigation. Ransomware has now become a real and primary threat to healthcare organizations and providers. This concern exists for big as well as small organizations, and when there is a break in the continuity of care, patients are put at risk. This threat may in the near future spread to other entities such as law firms and organizations handling medical records.
However, there are certain steps organizations can take to minimize the risk of a ransomware attack.
- Have a solid security program in place to prevent breaches.
- Have a good plan for an end-user awareness program and execute it well. You need to focus on education and communication, and ensure that users do not perform risky actions, such as clicking on unsafe web links included in emails.
- Assess the permissions users have on mapped network drives. It is best to employ the principle of least privilege so that the impact any one user can have on the organization’s shared network drives is minimized.
- Constantly monitor access to file servers to identify distinctive patterns signifying ransomware. Early detection of such harmful files will help to minimize the damage.
- Ransomware is spread through malicious ads that users may click on when they visit certain websites. These can be blocked by adding ad blocking. If employees need unrestricted access to the Internet, they can be given it via a separate network.
- Make sure to validate the origin of emails that arrive in the organization. Harmful emails will have malicious attachments that will lead to the ransomware being downloaded on the victim’s computer when the attachment is opened.
- It is best to protect mail servers by scanning all stored email as well as incoming and outgoing email. In this way, threats can be detected and prevented from infecting the systems.
- Review and authenticate server backup processes to ensure that the backups are not compromised or configured improperly. Backups are needed to restore service.
- Install a good firewall system to protect the network. It should automatically block threats based on a threat feed that is constantly updated.
Careful monitoring along with implementation of a good education and awareness program will surely reduce risks to business continuity.
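
One way to implement the file-server monitoring step from the list above, as an added example that is not part of the original article. The pipe-delimited log format, the user names and paths, and the thresholds are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import os

def build_sample():
    """Constructed audit events: 'time|user|op|path|new_path' (new_path only for renames)."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    # alice: ordinary work, one write every five minutes
    lines = [f"{(base + timedelta(minutes=5 * i)).isoformat()}|alice|WRITE|/share/hr/doc{i}.docx|"
             for i in range(6)]
    # bob: 40 renames in 40 seconds, every file gaining the same new extension
    lines += [f"{(base + timedelta(seconds=i)).isoformat()}|bob|RENAME|"
              f"/share/records/p{i}.pdf|/share/records/p{i}.pdf.locked" for i in range(40)]
    return lines

def detect(lines, window=timedelta(seconds=60), min_files=25, min_same_ext=0.8):
    """Flag users who touch many distinct files inside one window while most of
    those events are renames to a single new extension (assumed heuristic)."""
    recent = defaultdict(deque)  # user -> (time, path, new_ext) events still in the window
    alerts = {}
    for line in sorted(lines):  # same-format ISO timestamps sort chronologically
        ts, user, op, path, new_path = line.split("|")
        if op not in ("WRITE", "RENAME", "DELETE"):
            continue
        t = datetime.fromisoformat(ts)
        new_ext = os.path.splitext(new_path)[1].lower() if op == "RENAME" else None
        q = recent[user]
        q.append((t, path, new_ext))
        while t - q[0][0] > window:  # drop events older than the window
            q.popleft()
        files = {p for _, p, _ in q}
        if user in alerts or len(files) < min_files:
            continue
        exts = [e for _, _, e in q if e]
        top = max(set(exts), key=exts.count) if exts else None
        share = exts.count(top) / len(q) if top else 0.0
        if share >= min_same_ext:
            alerts[user] = {"first_seen": t, "files": len(files), "extension": top}
    return alerts

if __name__ == "__main__":
    for user, info in detect(build_sample()).items():
        print(f"ALERT {user}: {info['files']} files in window, "
              f"renamed to '{info['extension']}' at {info['first_seen']}")
```

The thresholds need tuning against normal activity on the share, since legitimate bulk jobs such as migrations and archiving can also rename many files quickly.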