If you’ve been reading the news, there’s a good chance you’ve heard about the recent uptick in online ransomware attacks. Much like an actual ransom, where a person or object is stolen and held until an amount of money is paid to the thief, digital ransom attacks can lock users out of their own data until they pay up.
According to security software developer Trend Micro, ransomware infects a system and encrypts user data with a highly complex code. Only with a unique encryption key can the user gain access to their files. Typically, digital thieves ask for payment in bitcoins, other cryptocurrencies or even online gift cards.
The recent Wannacry ransomware attack highlights the importance of data security for individuals, businesses and medical practices alike.
Wannacry: A cautionary tale
On May 12, the first organizations were hit with the Wannacry ransomware, causing panic and confusion that quickly spread across the internet. According to ABC News, the Spanish telecommunications company Telefónica was the first to be attacked, quickly followed by several healthcare organizations in the U.K.
By that afternoon, dozens of companies had been affected, including European car manufacturers, Russian cellular providers and American postal carriers.
Experts soon discovered the Wannacry virus could affect any machine running an out-of-date version of Windows 10. Organizations that had updated their machines with the official March 2017 patch from Microsoft were not vulnerable.
By the time the dust settled on May 15 – after an analyst in the U.K. prevented the attack from spreading – over 10,000 organizations and 200,000 individuals were affected, reported Windows Central.
The timing of the attack seems to have spared most American organizations. The attack happened in the early hours of the morning in the U.S., meaning many IT professionals had advanced warning and were able to take evasive measures.
Keeping your systems up to date
The Wannacry attack could have been much worse. Had that U.K. analyst not stumbled upon a mistake in the virus’ code, it could have affected exponentially more machines. Healthcare organizations must be highly cautious of infection, because their data is critical to patient health.
Some businesses may be able to wait to regain access to their data – but hospitals are often left with no choice but to pay up. When patient lives are on the line, the price ceases to matter.
For example, an infamous ransomware attack left Hollywood Presbyterian Medical Center offline for nearly a week in February 2016. Patients had to pick up prescriptions in person and all internal communications had to be sent via handwritten note or fax. HPMC paid the hackers $17,000 in bitcoins to regain access to patient data.
Safe practices at the office
Keeping your computer operating systems up-to-date is one of the best and easiest ways to prevent ransomware attacks. Having a current version of an application designed to protect against viruses, malware, and ransomware, installed on all your workstations, is also an excellent way to protect against these types of threats. Healthcare organizations should also establish policies and procedures for updating all their computers, along with any other network connected equipment, and verify the policies are being routinely followed. Additionally, all employees should have basic training on computing safety protocols, like making sure your staff is not ignoring update messages from the software vendors.
Healthcare professionals understand how to protect against viruses of the body and they can apply those same instincts to the digital world. Thinking of it as good computer hygiene might help. Updating your devices’ operating systems, virus protection software and EHR platform are the best ways to inoculate your organization against costly ransomware attacks.
To learn more about keeping your workstations protected, contact the technology experts at Tangible Solutions today!