Cyber Security

Ransomware Demanding Patients Pay Up!

 July 27, 2020

By  Anton Kiorolgo

Each year healthcare patients of all types have found their information posted publicly or sold online. Social security numbers, pre-surgery photographs, insurance information, scans of medical documents, and more have been susceptible to cyberattacks.

Just looking at the number of active investigations of healthcare IT attacks by the U.S. Department of Health and Human Services Office for Civil Rights is enough to induce stress for any IT professional.

Ransomware – The New Robbery

Ransomware operates in a fashion exactly matching how it sounds. A business’s files are suddenly and unexpectedly encrypted – completely inaccessible, and a note is left behind. This note frequently demands payment or the information being held hostage will be publicly revealed or destroyed.

Other Types of Healthcare Space IT Attacks

  • Medijacking: Even more insidiously, security experts are beginning to fear attacks on implanted medical devices such as insulin pumps and pacemakers – as some of these devices to feature wireless reporting features that require a connection accessible by hackers.
  • Equipment-Jacking: There have been at least three confirmed cases, including surgical blood gas analyzing equipment, x-ray imaging machinery, and medical scan storage systems. Security firm TrapX observed that the rise in these attacks is attributed to the devices themselves, as they are built using outdated operating systems such as Windows 2000, XP, and 7 – meaning that they now lack appropriate security built into their code with updates no longer being patched in. Essentially, these devices leave a broken door waiting to be forced open with minimal work.

Want to join in the conversation? Talk with us on social media!

Facebook: https://www.facebook.com/secfirstit/

LinkedIn: https://www.linkedin.com/company/securityfirstit

Hashtags: #smallbusiness #smallbusinesssecurity #MSPs #MSPSecurity #workingfromhome #internetsecurity #ITSecurity

How Can I Deter Ransomware?

  1. Use a VPN using a public connection is necessary.

VPNs provide an extra layer of protection by spoofing your IP address and encrypting transmissions, making them nearly untraceable. It is a good idea to use a VPN generally, even when doing inane internet browsing – however, when accessing pubic Wi-Fi or networks a VPN acts as a shield against any lurkers.

  • Use an email scanning system.

These systems prevent viruses and malware from coming through, disguised as an email or attachments. Most filtering systems will also prevent links leading to downloads or shady websites from being accessible.

How Should I Prepare in Case I Am the Victim of Ransomware?

  1. Keep a comprehensive physical or cloud backup.

Keeping a comprehensive and up-to-date backup ensures that no information will truly be lost when taken hostage. Why pay the ransom when there is a backup to pull from?

  • Keep all software up to date.

Ensure all software, including antivirus programs, is up to date. This will prevent viruses and malware from accessing pesky loopholes – remember, more are discovered every day – there is no such thing as a perfect program.

Help! My Information Has Been Published on the Internet! What Should I Do?

  1. Do not pay any ransoms or demands.

Stolen information is a lot like taking scans of a library book – even if the library book is returned, the scanned pages of the book aren’t deleted, they stay exactly where they were put, leaving the scanner to read them whenever they’d like. Stolen information works the exact same way – the encrypted information may be released and given back to the original and rightful owner, but that doesn’t stop the attacker from retaining a copy anyway. They already broke the law by stealing the information, who says they won’t still publish or sell the information anyway?

  • Lockdown your personal information and monitor it.

Change up passwords, take stock of all online accounts in your name, freeze your credit, and then put all of these on lockdown to ensure they aren’t changed or compromised without your knowledge. These extra safeguards will also warn you if another wave of attacks is being launched.

Having trouble finding trustworthy IT support?

Please contact us to schedule a consultation.

Subscribe to our newsletter now!