We’ve said it before and some things, due to the urgency, are just worth repeating. Ransomware is growing and evolving around the world. This past week three hospitals in Ontario had a major ransomware outage. The malicious software malware called “Ryuk“, which looks to have first appeared back in 2018, caused a wide range system outage. The malware has the ability to encrypt network drives and systems; possibly disabling system restores and deleting shadow backup copies. The malware, created by the criminals, normally force the victim to pay a ransom to unlock files. The impact of an attack can be extensive. System failures could occur with email, software, network files and health records, causing massive delays and cancellations of appointments for patients. In addition to Ontario ransomware recently infected systems in Alabama.
Medical offices and hospitals are often the main target of these types of attacks. Criminals prefer these attacks because of the critical nature of patient medical records and data. Back in 2017 we talked about ransomware and the threat to the Healthcare industry.
“Ransomware is malicious software that locks and encrypts your computer or computer files, demanding payment to get them back. It could affect all programs and files. Recently in news ransomware attacks took place at Norfork General Hospital in Simcoe, Presbyterian Medical in L.A and the Ottawa General Hospital. Specifically, in local news, at the Ottawa General Hospital various computers were hit with ransomware; encrypting information and making the data totally inaccessible to medical staff, without payment to criminals.” (2017, May 13).
Remember police and law enforcement will never encourage victims to pay the ransom. Doing so may only encourage criminals to do it again.
Ransomware is difficult to fight, but you can follow best practices to keep yourself as safe as possible from attacks.
- Train your employees and keep them informed about phishing attacks
- Make sure your antivirus and malware protection is up to date
- Keep your network and Operating System patches updated
- Make sure you have a firewall and proper intrusion detection
- Secure your passwords
- Backup your data both locally and offsite
- Limit Internet access to internal systems
There is so much more you can do, but the list above is a start. As mentioned before the possible ramifications of lost data is (1) no ability to track accounts receivables, (2) no cash flow the following month, (3) no schedule or patient data records. If you need information on protecting your EMR or medical software email us at firstname.lastname@example.org.