What Hospitals Need to Know About Ransomware

Major hospitals and some health clinics in the US and Australia have been crippled in new ransomware attacks, forcing some into emergency manual mode and one to close permanently due to extensive loss of patient healthcare records encrypted by data kidnappers. This threat is not far from reaching Ghana.

What is ransomware?

Ransomware is a type of malicious cyberattack that has grown in notoriety and frequency in recent years. You might be able to guess the mechanics of a ransomware attack from the name. Like kidnapping, ransomware works by taking something valuable to you, your files, and holding them hostage until you pay a ransom.

Ransomware infiltrates your system by infecting your computer with malware, most likely after you are tricked into clicking a link or downloading a file in a phishing email. These emails are disguised as communications from a trustworthy entity, such as a well-known brand or your internet or energy supplier. Once you click on the malicious link or attachment, the ransomware encrypts your computer’s hard drive and locks you out of all of your files. A screen then appears threatening to destroy all files unless the ransom is paid.

Why Do Ransomware Attacks Target Hospitals?

Hospitals are the perfect mark for this kind of extortion because they provide critical care and rely on up-to-date information from patient records. Without quick access to drug histories, surgery directives and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits.

Hospitals are a good target for another reason as well: they “have not trained their employees on security awareness … and hospitals don’t focus on cybersecurity in general.”

How to protect yourself from ransomware

  1. Change passwords regularly. Avoid using default or easily guessed passwords to access any systems or equipment connected to your hospital’s network. Hackers are sophisticated and have software programs available to crack passwords that aren’t secure. They can also secretly install malware on your machines that tracks people’s keystrokes so they can steal passwords. To make this sort of theft harder, have staff change their passwords on at least a quarterly basis.
  2. Know what’s on your network. It’s not just computers that need to be secured. Any smart medical devices that are connected to your facility’s internet network can also be used as points of entry for hackers, who can exploit security weaknesses in these devices to gain unauthorized access to your system and computer hardware. Double-check that these devices are running the most up-to-date versions of any required software programs.
  3. Create a plan. Have a plan in place for how your hospital would handle a ransomware attack. Because they’ve become more common, it’s not just a theoretical situation – it’s something that your facility could encounter. And you don’t want to be caught off guard if your network is attacked. Your plan should include everything from how you’ll handle disinfecting hardware to how you’ll conduct business while working on the problem. It should also cover how you’ll explain the situation to the patients and whether you’ll get the authorities involved.
  4. Have backup files for important data. Make sure you keep secure backups of all information saved on your computer systems, including patient charts in your electronic health records (EHR) system. These backups should be encrypted and stored somewhere that’s not your main network, so they won’t be compromised if an attack happens. Backups should also be updated regularly. That way, if something does happen with your system, you won’t have to rely on outdated backup data to be up and running again.

You can also speak to us for expert advice on cybersecurity.