By David Chou, Digital Health Evangelist, dchougroup, and former CIO, University of Mississippi Medical Center
This article is by Featured Blogger David Chou from his LinkedIn page.
As continuous research is done to create better defenses against malicious computer attacks, cybercriminals have also come up with more ways to get cash into their pockets as quickly as possible.
In the past years, a new breed of computer virus has started infecting computers and mobile devices. These viruses are unlike the previous malware as they lock down the computer including the precious files in it and only unlocks it when the user has paid the demanded amount. Cryptolocker, Cryptowall, and TeslaCrypt are the new computer viruses that belong to a family of infections known as ransomware.
Cryptolocker is the earliest version of ransomware that started infecting computers in 2013. It easily infects computers through phishing links usually found in email attachments and through computer downloads.
Once a computer has been infected with ransomware, all the computer files are held as ‘hostage’ of the cybercriminals. In some cases, ads of pornographic websites appear on the screen each time a user clicks. These cybercriminals demand payment in order to unlock the files and restore the computer to its previous state.
As an added pressure, these criminals threaten users to delete all files if certain demands are not met within a specified period (usually within 24 hours). The desperate user usually doesn’t have any choice but to give in.
Ransomware Threat in Hospitals
Threats from ransomware has been widespread that it has affected computers of hospitals. In a Reuters report, it stated that a study from Health Information Trust Alliance on 30 mid-sized U.S. hospitals revealed that over half of these establishments (52%) were infected with the malicious software.
Just last month, the Methodist Hospital, an averaged-size facility in western Kentucky, was operating “in an internal state of emergency” after a ransomware attacked its networks, holding its computer files hostage until they pay up. The attack has led to the limited use of the hospital on its web-based services.
There has been a growing incidence of ransomware attacks on hospital computers in North America that it has led the United States and Canada to issue a joint cyber alert against these extortion attacks. The governments discouraged victims of the attack to pay these criminals as there’s no assurance that files will be retrieved.
How Companies Can Prevent Ransomware Attacks
Ransomware attacks are serious threats in the healthcare. When computers in hospitals stop functioning, there will be delay in information access and flow and may compromise the safety of the patients. When there is ransomware attack, caregivers will have no access to patient’s data which can be crucial for those who are unconscious. It can also result to delayed or undelivered lab requests and prescriptions. And since there are medical devices that rely on computers to be operated, they can be inoperable all throughout the period the computer is held ‘hostage.’
With more medical facilities relying heavily on technology for its operation, it’s crucial to keep the computers malware-free. The following are some tips on how you can prevent these ransomware attacks:
- Back up your data
One of the best things companies can do to protect themselves from ransomware is to regularly do backups. Regularly backing up your files can give you a peace of mind even if a malicious attack happens. Since ransomware can also encrypt files on mapped drives, it’s important to have a backup regimen on external drive or backup service that is not assigned a drive letter. The one key element that is missing during the backup process is testing the backup to make sure that it is working. Do not miss the testing step.
- Make file extensions visible In many cases, ransomware arrives as a file with a .PDF.EXE extension. By adjusting the settings to make these file extensions visible, you can easily spot these suspicious files.
- It also helps to filter email files with .EXE extension. Instead of exchanging executable files, you may opt for zip files instead.
- Take advantage of a ransomware prevention kit
The rise of ransomware and its threats has paved way for cybersecurity companies to come up with ransomware prevention kits. These kits protect the computer by disabling files that are run from the App Data, Local App Data folders, and executable files run from Temp directory.
- Disable the RDP
The RDP or Remote Desktop Protocol is a Windows utility that enables others to access your desktop remotely. If there is no practical use of RDP in your daily operations, then it’s best to disable it as it’s often used by ransomware to access targeted machines.
- Update your software regularly
Running outdated software makes your computer more vulnerable to ransomware attacks. So, make sure to regularly update your software.
- Install a reliable anti-malware software and firewall
This is applicable to malware in general. Having both the anti-malware software and firewall creates a double-wall protection against these malicious attacks. If some gets past the software, the firewall serves as the second level of protection from the malware.
- When ransomware attack is suspected, disconnect immediately from the network
While this isn’t a foolproof solution but disconnecting immediately from the network or unplugging from the WiFi as soon as ransomware file is suspected, you can reduce the damage caused by the malware. It may take some time to recover some files but doing this can somehow cut back the damage.
Ransomware poses a serious threat not just to the security of hospital files but as well to the patient’s safety. Hence, companies especially healthcare facilities must not take this malware issue lightly.
Originally published on LinkedIn