Why You Should Worry About Ransomware

You’re having lunch at your desk. It’s been a really busy day, so you decide to multitask and catch up on your personal emails. You open your Gmail account and see a notification from Facebook requesting a password reset “for security purposes.” You don’t want some weirdo hacking your account and posting fake messages, so you click on the link provided. When you open your browser, an alert pops up: your browser is outdated. Your lunch break is almost up, so you hurriedly download the update file. Instantly, your screen turns red and is emblazoned with the message “Hi there! Your files have been encrypted!” It’s followed by instructions to send 400 Bitcoin (what even is that?) to a strange-looking web address—that is, if you want your files back.

Sound like the plot to the latest Hollywood blockbuster? Unfortunately, this scenario is anything but make-believe. It’s a ransomware attack, and it can wreak havoc on your practice, your patients, and your pocketbook. Luckily, there are steps you can take to lower your risk of being attacked. Keep reading to find out how and why cybercriminals are targeting practices just like yours.

What is Ransomware?

Cybercriminals don’t use masks and guns to intimidate their victims. Their weapon of choice is ransomware, a type of malicious software (a.k.a. malware). Hackers specifically design it to block users from accessing their files and systems until they pay a ransom, often in decentralized digital currencies like Bitcoin, Litecoin, Zcash, and others. The ransom demand includes a deadline, after which the price increases. If the payment doesn’t occur, the victim loses their files forever. If those files contain valuable information (e.g., social security numbers, bank account information), they may be sold to other criminals on the dark web, an anonymous, untraceable part of the internet that is often a hub of illegal activity.

Why Healthcare is a Target

The healthcare industry is a top target for ransomware attacks, reports Renee Bouvelle, MD, who spoke about cybersecurity at the 2018 ASCRS·ASOA Annual Meeting in Washington, DC. In fact, healthcare organizations are the target of a whopping 88 percent of all ransomware attacks in the U.S., according to NTT Security, a cybersecurity technology and services vendor.

Why? Because “we’re not getting on it” compared to other industries, says Bouvelle. Healthcare is far behind other industries when it comes to protecting its infrastructure and electronic protected health information (ePHI). It doesn’t help that cybercriminals find healthcare data enticing. “The information we create is of value,” Bouvelle notes. It contains information like patient names, addresses, social security numbers, credit card information, prescribing credentials, and more. And it’s not just your patients’ privacy that’s at risk. It’s the record’s availability during treatment, Bouvelle notes. If certain patient information isn’t available, like medical history, current medications, or mental health conditions, that could lead to a serious breakdown in patient care. Research from Vanderbilt University suggests that mortality rates at hospitals rise after a data breach.

It’s a People Problem.

Think you’re safe because your network has a firewall and your computers have anti-virus software? Think again. “The human factor is the biggest source of trouble,” emphasizes Bouvelle. Consider this: only a very small percentage of ransomware attacks enter your IT system through a technical vulnerability. The vast majority of them rely on social engineering—exploiting a vulnerability in a person. The reasoning is simple—it’s a lot easier to get one person to open an attachment or download a file than it is to hack into a system, look for technical weaknesses, and figure out how to exploit them.

Ransomware attacks often result from phishing scams—fraudulent emails that seem real. They use a variety of techniques to trick the user into responding by clicking a link, downloading a file, or giving up private information like login credentials. Along with the “password reset” scam described earlier, here are a few of the most common phishing techniques:

  • A message from the “IRS” regarding refunds or balances due.
  • A fake “Notice to Appear” in court due to some minor infraction.
  • Links to “spoofed” websites—sites that look real (like bank sites) but are actually run by cybercriminals.
  • An email alert about a “new fax received” that the user can view by downloading an attachment.
  • Free downloads, like games, screensavers, or apps.

You’re a Small Practice, not an Invisible Practice

Although the victims of many publicized ransomware attacks are larger health systems, don’t let media coverage fool you into thinking that your independent or smaller practice is immune. Small or rural practices are taking a big risk if they think that large, urban hospitals are hackers’ only targets. One attendee at Bouvelle’s ASCRS session described how her own Helena, Montana practice was hacked. “It doesn’t get any more rural than us,” she said. When they discovered the breach, her practice contacted a healthcare cybersecurity specialist, and they were back up and running within a few hours. Her practice never determined with certainty the source of the attack, but they believe an employee accessing private email on the practice’s server made their system more vulnerable to attack.

Up Next…How to protect your practice from ransomware attacks.
