
Will You Get Hit By A Ransomware Attack?


Over a quarter of organizations in healthcare (27%, to be exact) have been victims of a ransomware attack, like it or not.

Think about walking into your hospital on a Tuesday morning. At first, everything might seem normal. Then your assistant notices that she cannot get into her email. She goes to open a Word document she had been working on Monday afternoon and sees that it’s no longer on her desktop.

Actually, none of her files are around—just gibberish files containing one little message. Something about paying bitcoin?

Turns out everyone in your facility is facing the same message. Your EHR system noticed some malicious traffic coming across your connection to it and has temporarily locked you out of your cloud-based records.

You think, “At least we have backups.” Turns out those backups were wiped out, too. You had backups, true, but they were misconfigured and kept on your main network. The ransomware that swept through your hospital destroyed them as well, and now no one can access any digital information.

Billing is shut down (nearly a million dollars in AR wiped out). Medical Records cannot verify patient visits. Nurses cannot even tell whether they’ve administered or can administer medicine to patients, some of whom are critically dependent on precise dosages.

That was just Tuesday. Think about your hospital spending weeks recovering (the average critical access hospital takes about 3 weeks to recover from a ransomware attack). How many patients will you have to turn away? How many community members will try to seek treatment 40 minutes away at another facility? Can you risk getting hit by a ransomware attack?

Ransomware attacks have plagued organizations across healthcare over the past few years because attackers know that you hold very valuable data in medical records. They are convinced that you will pay either way, and that paying a ransom under the table may be a lot easier for you than trying to recover.

What’s even more worrisome? Once hit, your facility will be twice as likely to be hit again. Once your hospital is put on a list of victims, don’t for a second think that the criminals are going to leave you alone. They’re going to wait until everything is calm and strike a second (or even a third) time, simply because they know you have a track record of getting attacked or paying a ransom.

Where are ransomware attacks starting?

While many attackers are looking for easy doors onto your network, such as unpatched machines and misconfigured firewalls (we find these at nearly 97 percent of hospitals we’ve audited), they are also looking for your users to give them a way in.

One huge problem your hospital will face is making sure its users are able to detect phishing scams and understand how to respond. Phishing attacks account for over 85% of attacks leading to completely ransomed networks.

The best way to get your team aware of recent attacks? Keep up on how cybercriminals are getting into facilities like yours and trying to get your team to fall for those schemes.

One way we get our clients (and their users) up to speed on ransomware-laden phishing attacks is by getting them to click on links. Knowing who falls victim to email scams and creating awareness on what to look for in an attack goes a long way to getting them to help keep your facility protected.

One more tip. Put a process in place and reward users for doing the right thing. One thing we implemented with our hospital users is a security awareness and reward system that helps empower departments and individual users to identify suspicious activity and say something. When more people talk about security and think of ways to improve it in their own work, it can make the difference between your hospital falling for an attack or data breach and keeping secure.

One of the cheapest and easiest ways to improve security is by integrating security directly into improving workflow efficiency and celebrating security as part of your culture.

Make sure you know your vulnerabilities. In addition to making sure users are able to detect scams and suspicious activity or requests through email or on the phone, you and your IT support should be acutely aware of where your security vulnerabilities lie. Most cybersecurity experts recommend getting a security assessment, which exposes how cybercriminals can get in and carry out a full-blown ransomware attack, rather than simply getting a HIPAA audit that exposes compliance issues.