There have been at least seven notable ransomware attacks on health care facilities in the past two months. The attacks are happening to organizations of all sizes, from the huge ten-hospital MedStar system to a tiny 126-bed hospital in rural California. Each attack had unique features, but they all have two vital lessons in common:
1. The difference between a slowdown and a devastating shutdown is multi-layered monitoring.
2. The only way to guarantee the complete and safe recovery of all data is constant secure data backup.
February 5. California hospital pays hackers $17K
February 29. Los Angeles Dept. of Health latest ransomware victim
March 16. Ransomware hits Ottawa Hospital
What Happens During a Typical Ransomware Attack
First, the virus enters your system through an email attachment, website link, or infected data stick. These aren’t the obvious sort of bad links and attachments that you warn your granny about. They are very hard to identify as nefarious. (See our previous blog post, Sneaky Hackers Fool Smart Employees.) The virus can also enter through security vulnerabilities in your browser, which is why you should always install all suggested security patches.
Next, the virus sends as much information about your systems as it can to the hackers who created it. They use this information to create an encryption key, which they send back to the virus on your computer — or your entire network.
Finally, once the encryption key is back in your system, the virus does one of these three things:
– Encrypts individual files and folders and demands payment when you try to open them.
– Freezes your screen with their payment demand.
– Interrupts the Master Boot Record (a section of the computer’s hard drive that allows the operating system to boot up) and shows a payment demand on the screen.
The HIPAA-HITECH Backup Requirements
Remember when we said that the only way to guarantee the complete and safe recovery of all data is constant secure data backup? Your health care business has to have this kind of backup anyway, in order to meet HIPAA-HITECH requirements. According to these rules, your data must be:
1. Backed up off-site
2. Encrypted during transfer
3. Encrypted or destroyed at rest
4. Retrievable in its original form
How To Protect Your Data
Your managed IT provider should install a network defense system, monitor your computers and servers, implement the backup solution that’s right for you, and regularly test the restoration process. This is the best way to prevent and recover from a ransomware attack.
Dateline: April 7, 2016
Author: CMIT Solutions of Gilbert and Mesa