Cybersecurity has been a major concern with the rise of ransomware incidents over the past few years. This form of cyber attack is an ever-growing problem that affects many industries but often targets healthcare organizations. By knowing what vulnerabilities to watch out for, using a secure Electronic Health Record (EHR), and educating your staff on security best practices, you can protect your healthcare agency and defend against the rise of ransomware threats.
Ransomware is a form of malware that denies access to the target’s data. Targeted organizations are asked to pay a ransom in order to recover their files, and often paying that ransom is the most cost-effective way to get their data back. As such, ransomware has become a very lucrative criminal activity that continues to fund itself as the next generation of ransomware evolves to be even more sophisticated. With this, the cost of each ransom continues to rise as well. Healthcare providers are among the most susceptible and impacted industries because of the wealth of sensitive, personal health information (PHI) files they hold. These records can be traded for hundreds of dollars each and are often sold several times. Healthcare systems also tend to be more vulnerable because their security is often driven more by compliance than by modern security best practices.
This form of malware can infect any type of computer, including mobile devices, IoT devices, routers, and cloud storage, but it often gains access through devices such as a printer, medical equipment, or other connected devices. When healthcare agencies run security scans to assess vulnerabilities, these devices are often ignored because they are waived as low to medium vulnerability. However, it is often those low- to medium-vulnerability devices that are targeted, because they are not prioritized to be secured and offer an easy way to gain access to your network. Make sure your healthcare agency is securing any and all vulnerabilities in your network and not just those which are flagged as high vulnerability targets.
Additionally, make sure your EHR system is secure, as it houses all of the records that threat actors are trying to gain access to. You can start by using an EHR with security certifications issued by reputable accrediting agencies such as databrackets. This will ensure your EHR has been audited on its ability to provide secure data management and is even more secure against the rise of ransomware. Extra layers of protection for your EHR, like Multi-Factor Authentication, are also recommended. It is also advisable to have an EHR vendor that provides regular data backups and a great incident response, and that has contingency plans in place in the event of an attack.
Finally, be sure your staff takes steps to increase security and protect patient data from ransomware. The primary way that ransomware attacks happen is via malicious phishing emails meant to trick the recipient into disclosing login credentials. These credentials are then used to access your websites, applications and business data. The data the attackers gain access to is then encrypted so that your agency cannot access it unless you pay the ransom. Because of this, the weakest security link at any organization is often its employees. Educate all staff on password security, email security and not sharing work laptops with family and friends. Your staff should be informed that spam filters will not stop all malicious emails.
According to an article by databrackets, ransomware attacks have cost U.S. healthcare organizations $157 million since 2016, and the individual ransoms for 1,400 clinics, hospitals, and other healthcare organizations varied from $1,600 to $14 million per attack. Defending your organization’s data is more critical than ever, but if your staff follows these security measures, you can protect yourself from the rise in ransomware.