Incidences of ransomware are becoming increasingly common across the medical profession–and unfortunately, you can’t know whether or not your practice will be targeted until it happens. While you can’t guarantee that you’ll be completely safe, you can take steps to ensure that you will be able to react quickly and efficiently in the event of an attack. You can also make sure that your practice will be disrupted as little as possible by ransomware.
Preparing for Attacks
Just like you prepare for high-volume times in your practice, particularly when you know there’s an illness out there that’s targeting your patients, you can make preparations in case your practice is one of the ones hit by ransomware. The better you’re prepared, the better you can withstand those attacks.
Back up daily. That means every day, without fail. Backups should be stored separately from your main files and inaccessible from your regular network. Having daily backups in place means that the worst you can lose in a ransomware attack is a day’s worth of patient data–and that means that your practice can easily keep seeing patients even if you’ve been hit by an attack. The better your backup procedures, the more of your data you’ll be able to protect.
Test your restore options to make sure they work. Having that data in place is great, but it doesn’t do you any good if you can’t use it. Make sure that you test your restore options on a regular basis, that your backup software is working smoothly, and that your technical team knows how to implement them quickly to get you back up and running after a ransomware attack.
Encrypt patient data. Some ransomware is designed to simply hold your information hostage until the developer provides the key to unlock it. Other ransomware will capture that information and transmit it to the individual responsible for the attack. By encrypting patient data, you can prevent your patients’ privacy from being invaded by the attack.
Install the right software. There are programs that can help isolate the directories that ransomware typically targets first as well as blocking software that will find the presence of ransomware and send out the alert before the entire system is compromised.
Train every employee on the network. From nurses and technicians to receptionists, doctors to the technical team, everyone with access to the network should know how to detect improper emails, avoid suspicious links, and appreciate how to access websites correctly from the practice network. Social engineering is a favorite habit of many ransomware creators. They’ll design emails that look just like the real thing or provide the perfect hook to encourage employees to click that link or download that file–and then your network is compromised. The better your training, the less likely your practice is to be social engineered. Keep in mind that the vast majority of ransomware attacks on a system are the result of human error, then train your employees to avoid them.
Keep your software updated. Programmers aren’t always perfect. Sometimes, they leave glaring holes in their programs that will allow unauthorized individuals access to your practice’s private information. Other times, holes are simply discovered after the release of the product. Software patches and updates are designed to help fix those problems and protect your practice, but they can’t do their job if you’re putting off routine maintenance. Install software updates on a regular basis and make sure that your technical team is monitoring information about security holes in any programs that your team uses routinely.
Immediately After an Attack
In spite of your best precautions, you may find yourself hit with a ransomware attack–and you might not even know where it came from. No matter what the source, you’ll need to react quickly so that your practice can continue seeing patients as usual.
Devise a plan of action immediately with your internal or external IT support staff to limit your downtime and recover your data.
Remove any individually infected devices from the network as soon as possible. Just as you would quarantine a patient who has been impacted by a highly infectious disease, you want to remove infected machines from the network so ransomware can’t spread.
Restore from your most recent backup. Hopefully, that backup was made the night before, so you haven’t lost a great deal of patient data. The good news is, your practice should be able to continue functioning normally even with a lost day of data.
Avoid paying the ransom if possible. The FBI urges impacted businesses to avoid encouraging ransomware creators–and every ransom that is paid encourages those creators to create other attacks in the future. However, if you do not have an adequate backup and the ransom is going to compromise your business operations significantly, you should look at your options of paying the ransom (if it is within reason) to ensure that you do not lose your very important medical records data. You should rely on the guidance and expertise of your internal or external IT professionals as to whether or not a ransom request should be paid.
Look into decryption. Your technical team or IT provider may be able to decrypt your data using a variety of free tools or other methods. Keep in mind, however, that the infected devices should remain off the network while they’re performing these steps and that it should be done by individuals with security experience–don’t try to do it on your own!
Restore your systems to their default settings. If you don’t have access to enough equipment to see patients successfully in spite of the data breach, restoring your systems to default is an option. Keep in mind that you’ll lose all of your data in the process, which will make it necessary to use backups to put as much information as possible back in place.
As a medical practice, your goal is to have enough backups and redundancies in place that no matter what type of cyber attack your practice suffers, you’ll have everything you need to be back up and seeing patients again as soon as possible. Reliance on technology allows you to accomplish many things, but not if you no longer have access to the critical data it holds. Need more help setting those backups in place? Contact us today to learn how we can help ensure that your practice will keep running smoothly even if you’re hit with a ransomware attack.