Ransomware Attacks: What Medical Practices Need to Know

There is a serious outbreak going on in medical facilities across the United States. And no, we’re not talking about COVID-19. We’re talking about ransomware attacks. In fact, according to research from CheckPoint, the U.S. saw a 98.1% increase in ransomware attacks in the 3rd quarter of 2020, with the U.S. healthcare sector being the biggest target.

You’ve probably heard the horror stories of entire hospital chains crippled by ransomware attacks. In September 2020, computer systems at Universal Health Services (UHS), which operates 400 hospitals and behavioral health facilities in the U.S. and the U.K., came under attack.

400 UHS hospitals in the U.S. were left without access to computer and phone systems, forcing them to divert ambulances and transfer patients who needed surgery. It took the IT team 3 weeks to bring all systems back online. It’s still unknown if they paid the ransom.

Just What Is Ransomware?

Encryption ransomware is a form of malware used to infect computers. But it’s worse than a virus that might slow down your laptop. It encrypts files on your network, making the whole system useless. In most situations, a screen pops up that threatens to release information unless you pay the ransom to get the decryption key.

In most cases, the bad actors operate through the easiest channels possible: weak credentials, unpatched systems, and phishing emails. Using weak login credentials is like putting out the welcome mat for ransomware actors, and clicking on a link in an email can be very dangerous.

Ransomware is a growing threat to hospitals and medical practices alike, but there are steps you can take to avoid becoming a victim.

Ransomware Protection Tips

As a practice owner or manager, the responsibility of preventing a ransomware attack and dealing with the consequences of a ransomware infection ultimately resides with you. Are you taking proactive steps to ensure you are protected, or are you trusting your IT team to "take care of it"?

While your IT department or provider can execute the tasks, the business decisions and policy reside at the executive level. The two must work together to make sure the practice is protected on all fronts. Not sure where to start? Here are some straightforward steps to improve your security posture and limit your exposure to a ransomware attack.

Use this article to talk to your healthcare IT provider to ensure you are prepared for a ransomware attack.

1. Password Policy

  • Know the required complexity and length. There is a lot of guidance on what complexity and length are right for your practice.
  • Identify any password exceptions or any other weaknesses. Sometimes exceptions are made for specific individuals or systems for ease of use. This is similar to installing a deadbolt on your front door while locking only the screen door at the back.
  • Ensure that your server password policy is as strong as your other password policies.

2. Detailed Asset Report

  • Identify ALL systems in your practice and do a thorough search for any system that is not on the asset inventory list. Check for spare systems, specialty systems, or rarely used systems.
  • By running the detailed asset report, you can protect each system, even those you were unaware of before the report.

3. Antivirus (AV) Patch Status on All Systems, Workstations, and Servers

  • Apply AV to all systems AND
  • Ensure up-to-date patching. Be vigilant about ensuring all systems are current on their patch level.
  • Systems may get missed from patching if they are not available at the time (turned off, in storage, or bypassed).
  • If patching is not possible due to an incompatibility with legacy software, ensure the system is closely managed and has additional controls to minimize risk exposure.
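
As an added illustration of steps 2 and 3 (this is example code, not something from PEAKE or from the original article), the script below reconciles an asset inventory against the hosts actually seen on the network and against an AV/patch status export. The hostnames, dates, and the 35-day patch threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample data; every hostname below is hypothetical.
INVENTORY = {"frontdesk-01", "exam-02", "srv-ehr", "xray-legacy", "billing-03"}
# Hosts a network scan actually saw on the practice LAN.
DISCOVERED = {"frontdesk-01", "exam-02", "srv-ehr", "xray-legacy", "spare-laptop"}
# Per-host status as exported from an AV / patch management console.
STATUS = {
    "frontdesk-01": {"av": True, "last_patched": date(2020, 11, 20)},
    "exam-02": {"av": True, "last_patched": date(2020, 8, 1)},
    "srv-ehr": {"av": False, "last_patched": date(2020, 11, 18)},
    "xray-legacy": {"av": True, "last_patched": date(2019, 3, 5)},
    "billing-03": {"av": True, "last_patched": date(2020, 6, 15)},
}
# Legacy systems that cannot be patched and rely on additional controls.
LEGACY_EXCEPTIONS = {"xray-legacy"}
MAX_PATCH_AGE_DAYS = 35  # assumed policy threshold


def audit(inventory, discovered, status, exceptions, today,
          max_age=MAX_PATCH_AGE_DAYS):
    """Return {host: [findings]} for every host that needs attention."""
    findings = {}

    def flag(host, msg):
        findings.setdefault(host, []).append(msg)

    for host in sorted(discovered - inventory):
        flag(host, "on network but not in asset inventory")
    for host in sorted(inventory - discovered):
        flag(host, "in inventory but not seen (off or in storage?)")
    for host in sorted(inventory | discovered):
        info = status.get(host)
        if info is None:
            flag(host, "no AV/patch record")
            continue
        if not info["av"]:
            flag(host, "antivirus not installed")
        age = (today - info["last_patched"]).days
        if age > max_age and host in exceptions:
            flag(host, f"legacy exception: unpatched {age} days, verify controls")
        elif age > max_age:
            flag(host, f"patches {age} days old")
    return findings


if __name__ == "__main__":
    report = audit(INVENTORY, DISCOVERED, STATUS, LEGACY_EXCEPTIONS, date(2020, 12, 1))
    for host, msgs in sorted(report.items()):
        print(host, "->", "; ".join(msgs))
```

A host that produces no findings is left out of the report, so an empty result means every known and discovered system has AV and current patches.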

4. Backup Strategy and Disaster Recovery Plan

  • What is your IT backup plan? How often are your systems backed up? Onsite or offsite, or both? When was the last time a restore from backup was tested?
  • Ask your IT team to describe the disaster recovery plan. What are the current recovery time objective (RTO) and recovery point objective (RPO)?
  • Ensure RTO and RPO both meet the expectations of the practice. Having timely and comprehensive backups will minimize downtime if ransomware does find its way into your practice.

By asking these questions now and getting full answers, you can develop a more robust security plan to help you ward off any ransomware threat. Learn more about ransomware and best practices by reading the Cybersecurity & Infrastructure Security Agency (CISA) Ransomware Guide.

PEAKE Technology Partners Provides Healthcare IT Solutions

If your practice has fallen victim to a ransomware attack, we may be able to help get your systems back on track. We offer ransomware removal services as well as a security risk assessment to help you identify weak spots in your network systems. Call us at (866) 357-3253.


5041 Howerton Way
Suite A
Bowie, Maryland 20715