Attacks from “ransomware” are on the rise and healthcare facilities are the new targets. Can it be long before the first long-term care organization becomes a victim? Now is the time to educate yourself and your employees to protect against hackers and malicious software.
Ransomware is malware that cuts off access to an infected system, demanding that you pay a ransom to unlock your valuable data. Some ransomware works by systematically encrypting the files on your network, making them impossible to use until you pay for the encryption key. In other cases, it may simply lock your system and display a message demanding that you pay up.
Attacks often begin as the result of “phishing” emails, where an employee inside the target organization responds to an email that seems legitimate but is actually from a hacker. The email requests sensitive information, such as a username, password or account number, and the employee unwisely provides it.
These types of scams began in Russia but have spread internationally. Security software vendor McAfee reported over 250,000 unique samples of ransomware in the first quarter of 2013 alone, more than double the number it had seen a year earlier. Recent attacks are estimated to have netted over $18 million before being shut down by the FBI.
After a wave of ransomware attacks on banks and retailers over the last two years, hackers are now setting their sights on the healthcare industry. Symantec, another security software vendor, reported that nearly 80% of its client incident calls came from health organizations last year.
A series of recent news stories reveals that hospitals are increasingly common targets. Two California hospitals were hit last month by ransomware, but officials say their patient data was kept safe. They were able to slow the spread of the virus by shutting down some IT systems, then restoring data from backups.
In another high-profile case, Los Angeles-based Hollywood Presbyterian Medical Center was forced to pay $17,000 in Bitcoins to regain control of its network from hackers using ransomware. Similar attacks have been reported by hospitals in Texas, Kentucky and Germany.
Why are healthcare organizations considered easy targets? Because they frequently do not have the elaborate network security and backup systems that are typical at larger companies. Healthcare in general tends to lag behind other consumer sectors in terms of IT sophistication. Long-term care, even more so.
Given the rise in ransomware attacks, it’s vital that your long-term care organization start preparing now. Here are three key steps:
- Educate yourself about the risks. The rate of attacks is rapidly growing and healthcare companies are in the crosshairs. Don’t wait till it’s too late to protect your company.
- Ensure your IT organization has a defense plan. Comprehensive backups are the most useful protection, but your IT group should also have a detailed plan for protecting individual PCs and users. A strategic plan for shutting down an attack, should one occur, is recommended as well.
- Educate employees about the dangers. Employees are often weak links in the security chain. Educate your staff about the risks of opening email attachments and links, installing questionable software, or providing sensitive information to anyone via email.
At SimpleLTC, we work hard to ensure the security of our clients’ data. All information is safeguarded and encrypted via cloud-based systems. Employees also undergo HIPAA and HITECH training, and access to PHI is restricted to just those employees who need it.
However, the data SimpleLTC holds on your behalf is only a part of a long-term care facility’s security plan. Your organization needs a thorough strategy to ensure your bases are covered when a hacker comes knocking at your digital door.
According to one survey, only 38% of companies are confident they could survive a ransomware attack. Don’t let your long-term care organization be the first victim. Prepare now to protect your company and your residents.