If your practice hasn’t been thinking about how to achieve protection from ransomware, it’s time to take a long, hard look at the software and backup systems that are protecting your company.
Ransomware is a simple program, specifically designed to slip past your active antivirus program, that breaks into your system with one purpose: to encrypt every file on your server. The result is that you’re either locked out of your system completely or you see nothing but a series of nonsensical symbols and letters. One open program, one open network connection, and before you know it, every computer, every server, every file in your practice has been infected.
Protecting your practice from ransomware is critical, particularly as these types of attacks become increasingly common.
Ransomware is Vicious
Ransomware doesn’t know which files are vital to the work that you do or the patients you see every day. In many cases, the program may not even be designed specifically for a healthcare system. It sweeps through your system indiscriminately, encrypting everything from patient care records to important invoices, and even your appointment schedules. In the blink of an eye, you can lose access to every piece of data in your system, shutting down your practice and making it impossible to see patients, unless you’re lucky enough to have a paper backup of important documents.
Ransomware is Expensive
When the ransom demand shows up, it’s usually balanced carefully to ensure that it’s exactly what you can afford to pay—but it will almost certainly be a heavy financial blow. Private users may pay as much as $600 to get their files back. Businesses often have to pay even more.
Worst of all, paying the ransom doesn’t mean that your troubles are over. You’ll also be hit with a financial loss from the time you spent turning patients away because you couldn’t access your files. You may also discover that the creator of the program had access to that confidential patient information—a breach of HIPAA that will require quite a few concessions to your patients. For example, one Florida ophthalmology practice was required to provide a year of identity theft monitoring to all of their patients after a possible PHI breach may have exposed the information of more than 87,000 patients. You may also risk losing patients as news about the ransomware attack becomes public knowledge.
Your IT Staff Can’t Fix It
You keep plenty of IT professionals on hand to handle any threats that arise against your system. They’ve tackled viruses before, and after some minor inconvenience, your system emerged unscathed. Ransomware, however, is a different type of virus.
Unless you get very lucky and your IT staff is able to uncover the key—the typically random scramble pattern that will allow you to decrypt your critical files—there’s very little chance that they’ll be able to restore your files and allow you to regain access to your network. Once you’ve been hit with ransomware, you’re going to have very little choice but to pay the expensive ransom to get your files back.
Its Creators Can’t Always Control It
Here’s the hard truth about ransomware that hackers and business professionals alike don’t want to admit: sometimes, even the creators can’t control it. They intend to return access to your files once you’ve paid the ransom. They may even take steps to make that happen. Unfortunately, programming glitches happen, and they happen with malicious programs just as often as others.
In most cases, ransomware creators want you to get access to your files back as soon as the ransom is paid. When word gets out that they aren’t providing the service that’s paid for, people stop paying the ransom, plain and simple. If the creator of the program isn’t able to control it effectively, however, returning access to those files to your practice can be impossible.
Keeping Access to Your Files
Knowing that a threat is out there doesn’t do you any good if you have no idea how to protect yourself. Protection starts with your IT team and makes its way through your entire practice, from your receptionist and nurses to every doctor within the practice.
Educate everyone. Learn how to recognize malicious links. Remind your staff regularly that they should never click on a link from a suspicious email, even if it appears to be from a legitimate source. Amazon, PayPal, and other well-known companies are popular targets for spammers, who assume that people won’t bother to check the real source of the email if it appears to come from a legitimate address.
Keep your anti-malware programs current. Keep in mind that it’s not just your computers that can be a target for ransomware. Phones, tablets, and any other device that can access the internet can inject the malware into your system.
Back up data regularly. Ideally, you want to back your data up in a location that isn’t connected to your regular network at the end of each work day. Then, even if the worst-case scenario occurs, you’ll never lose more than a day’s worth of data. Cloud servers that provide regular off-site backups are particularly critical for practices that process large quantities of data on a daily basis.
Develop a plan. You have a number of disaster plans in place. These include fire, flood, and weather emergencies, as well as power outages and other potential problems. Ideally, your disaster plan should include data disasters too.
Your data is critical to keeping your practice up and running. Make sure that you’re protecting it from ransomware! You need a cloud-based server that makes regular backups and that allows you to restore important data quickly and easily. If you’re worried about the inconvenience of backups and cloud protection, consider this: how inconvenient would it be to lose the data your practice relies on each day? Contact us today to put protections in place that will help keep your practice running smoothly, even if ransomware strikes.