The concept of thievery isn’t all that complicated. In fact, it’s an old and obnoxious tradition that companies and individuals have been battling for centuries. In the modern age, however, theft has evolved into the kind of problem that requires millions of dollars and whole teams of security professionals to combat. Unfortunately, healthcare organizations have been hit hard in the past few years by various cyber data breaches, resulting in millions of records being compromised each year.
The most recent of these threats to healthcare data security comes in the form of “ransomware,” a type of malware that can infiltrate computers or networks via email. The bug takes hold of hardware and internal records and keeps them “hostage” until a ransom payment is made. This type of cyberattack has become so persistent for healthcare organizations across the globe, from large to small, that some are starting to get sick of repeated attacks—they’re starting to find ways to fight back.
According to some experts, ransomware has increased in popularity because of a flood of stolen healthcare data records into the market. Since 2015 alone, more than 100 million records have been stolen from healthcare organizations in the U.S., including the roughly 79 million records stolen from Anthem, Inc. (reported in February of 2015). Simple supply and demand laws dictate that the more of something available, the less money you’ll get for it. In order to refill the coffers, cybercriminals have turned to making quick bucks by preying on unwary consumers and businesses through ransomware.
While it’s difficult to trace most of these ransomware attacks back to their original source for prosecution, many are apparently originating from Romania, U.S. criminal charges are unrealistic if not impossible. However, there are other ways to go about discouraging and preventing attacks.
The best way to avoid falling victim to ransomware within your practice or hospital is to be wary, proactive, and prepared. The following actions could save you money and time by keeping your healthcare organization safe from ransomware infiltration:
Keep your security up to date.
To begin with, make sure you have strong firewalls to protect your network, including several layers of password protection to keep patient records safe and prevent healthcare breaches. After the main levels are in place, take steps to ensure that every update is installed promptly and that all security software is up-to-date and fully operational. Effective healthcare data security relies heavily on vigilant monitoring.
Educate your staff.
Another important step is preventing any doorways from being opened by unprepared staff. All members of your team who have access to any healthcare records should be briefed on how to maintain healthcare data security. This means that they should be able to recognize phishing emails and ransomware upload attempts. They should be capably versed in what information to give out over the phone without verification and how to spot fraud if it arises. This kind of knowledge only benefits your organization and helps prevent multiple types of healthcare data breaches.
Create safe and reliable backups.
If your organization has not already invested in reliable backup storage, start researching now. Should ransomware or any other type of malware infiltrate your systems, effective backups and secondary record storage will allow you to wipe and reboot systems to wipe away malicious software.
Do not give in.
Whatever you do, don’t give in to their demands and make payment. If the cybercriminals are getting paid, then they are going to keep doing it. Giving in hurts everyone in the industry and leads to more healthcare breaches in the long run.
Be knowledgeable and prepared.
Know your enemy. Well, know them as best you can in this case. It’s hard to get a good feel for the exact threat when it comes to cybercriminals, but setting up strong preventatives such as firewalls and email filters are a good start. Staying on top of the issue is also important and that means subscribing to newsletters and doing regular research. Set aside an hour a week to keep up on new attacks and new trends in cybercriminal operations by doing searches or checking regular IT news websites. Government organizations such as the Department of Health and Human Services’ Office for Civil Rights and the Department of Homeland Security even offer advice on their websites for data breach protection.
Ransomware may be a real threat for healthcare data security at the moment, but most bugs of this type can be prevented by caution and smart, proactive thinking. Whether your healthcare organization is small or large, take a moment to assess your current level of security against ransomware and other malware threats, and get ready. If you haven’t been hit yet, it may only be a matter of time.