Ransomware, a type of computer virus that arrives via email attachment, website link, or other online exploit, continues to present a major problem for businesses. Once a virus infects a host computer, it connects to illicit servers, usually located in a foreign country, that then transmit personal information like your IP address, geographic area, system setup, and login details. Those servers will then create a random encryption key that can lock up individual files, both those located on your actual machine and those on any external hard drives or shared networks.
Once those files are encrypted, users cannot access them without paying a ransom to obtain a decryption key — unless, of course, they have trusted data backups and a reliable disaster recovery service in their corner. But here’s the thing: when ransomware strikes any business, it can cause chaos. When a hospital is the target of an attack, well, the stakes get a whole lot higher.
Hollywood Presbyterian Medical Center in Los Angeles was hit by ransomware in February, when its computer systems went offline for more than a week and hackers demanded $3.6 million to restore the company’s files. That had such a negative impact on the business that critical procedures couldn’t be carried out — some patients even had to be moved to nearby facilities for treatment.
In addition, hospital employees couldn’t access patient data, email messages, and other important information. Instead, they had to rely on good old-fashioned pen and paper, along with fax machines and other antiquated technologies that had a major impact on productivity and efficiency. Most tellingly, the hospital refused to reveal what kind of data backup system it had in place.
The hospital and the FBI claimed that no patient records were accessed by hackers because of the ransomware infection, but that Another recent NBC News story revealed that one in three Americans had their health care records compromised in 2015, many via the exact kind of ransomware attack mentioned above.
So if you work in the health care industry, what can you do to keep your company and its critical data safe?
5 Ways to Protect Your Business From Data Breaches
1) Ensure that your business meets all HIPAA compliance requirements.
Becoming HIPAA compliant can be a complicated task that includes data encryption, data backup, recovery, and eradication capabilities.
2) Implement well-tested and comprehensive policies and procedures that apply to all technology use.
These include best practices for online communications, data handling and storage, and privacy and security agreements between every third-party vendor you do business with.
3) Strong procedures for password creation and maintenance.
Unique passwords that rely on random strings of characters are vital, as are enterprise-grade password management systems, two-factor authentication, and other forms of elite security.
4) Physical precautions like laptop cables, external drive guards, and strong security systems.
Don’t discount the basics, especially when it comes to the way patient records are stored. Many of the most high-profile health care breaches have come from stolen laptops and thumb drives or careless data access records.
5) Put proactive services to work so that issues can be pinpointed and resolved before they happen.
In the health care field, where patient records and 24/7 connectivity are so clutch, this is a must, especially since static defenses like firewalls represent just one facet of a larger security strategy that includes strong proactive monitoring and management, backup and disaster recovery, anti-virus, anti-malware, anti-spam, and anti-spyware solutions.
In the health care realm, the consequences of a data breach or ransomware infection can include civil and criminal penalties, along with a significant hit to the reputation of your company.
At CMIT Solutions, we’re fellow business owners who’ve gone above and beyond the call of duty when it comes to HIPAA compliance. Let us help you by delivering positive technology outcomes and an unparalleled level of IT care.