Facility Security, Part Three: Ransomware

November 9, 2016



Last month we looked at how to avoid falling victim to phishing scams. This month we take a look at ransomware.

Ransomware attacks have been on the rise, especially in the healthcare sector. One study shows there are now an average of 4,000 such attacks every day. Some experts expect the cost of ransomware attacks to reach $1 billion this year.

Ransomware is malware that installs itself covertly on a victim’s computer, then encrypts the victim’s files (or otherwise locks the machine) so they can no longer be used, and demands a ransom payment, usually in exchange for the decryption key. In healthcare, this often means the data in EHR systems is encrypted so doctors and nurses can’t access patient records or test results, crippling the facility unless payment is made.

How to avoid falling victim to ransomware
In order to install ransomware, a cybercriminal first has to get code running on one of your systems. This is often surprisingly easy, because ransomware usually arrives through the same channels as phishing: an email attachment, a link in an email, or a stray USB drive. The following measures make that much harder.


User training
The most important aspect of prevention is user training. Be sure to train your staff to understand the threat of ransomware. Convey how important your workers are in protecting the data of the company, patients or customers.


Instruct them to:

  1. Never open email attachments unless they come from a trusted source and you are expecting them. Be especially wary of Office documents that ask you to “enable macros” or “enable content”; that prompt is a common way ransomware gets itself run.
  2. Never click on a URL in an email unless it comes from a trusted source and you can confirm where it really leads. Before clicking, hover the mouse over the link and compare the destination shown in the status bar with the address the link text claims; if the two differ, don’t click.
  3. Never share computer login information over the phone.
  4. Be wary of unknown thumb drives! Cybercriminals may leave infected thumb drives lying around on workers’ desks, in waiting rooms or on floors, hoping an unsuspecting user will pick one up and plug it in to see what’s on it. Bring any suspicious thumb drive to your IT department instead of plugging it in.
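The hover-and-compare check in item 2 can also be automated on the mail server or in a mail filter. The following is an added example, not part of the original post: it parses the HTML body of an email and flags every link whose visible text names one host while the real `href` points at another. The sample email, and the hostnames `example-bank.com` and `evil.test` in it, are constructed for illustration.

```python
"""Flag links in an HTML email whose visible text claims a different
destination than the actual href (the hover-and-compare check, automated).
Added example for this post, not code from the original; the sample email
and its hostnames are constructed for illustration."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the first link lies about its destination, the second
# is honest, the third is a bare "click here" that makes no claim to check.
SAMPLE_EMAIL = """
<p>Your account needs verification:</p>
<a href="http://login.example-bank.com.evil.test/verify">https://www.example-bank.com/verify</a>
<a href="https://www.example-bank.com/help">www.example-bank.com/help</a>
<a href="http://tracker.evil.test/x">click here</a>
"""


def link_host(text):
    """Return the hostname a string points at, or None if it isn't URL-like."""
    text = text.strip()
    if not text:
        return None
    if "://" not in text:
        text = "http://" + text  # bare "www.example.com/path" form
    host = urlparse(text).hostname
    # Require at least one dot so plain words like "click here" are not hosts.
    return host.lower() if host and "." in host else None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None


def find_mismatched_links(html):
    """Return [(href, visible_text)] for links whose visible text names a host
    different from the host the href actually goes to."""
    parser = LinkCollector()
    parser.feed(html)
    suspicious = []
    for href, text in parser.links:
        claimed, actual = link_host(text), link_host(href)
        if claimed and actual and claimed != actual:
            suspicious.append((href, text))
    return suspicious


if __name__ == "__main__":
    for href, text in find_mismatched_links(SAMPLE_EMAIL):
        print(f"MISMATCH: text says {text!r} but link goes to {href}")
```

Note that the check only fires when the link text itself looks like an address; a link labelled “click here” can still be malicious, which is why the rule in item 2 is to hover and look before clicking at all.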

Also, conduct routine tests, such as sending your own simulated phishing emails, to measure how effective the training has been.

Additional prevention
The FBI has compiled a list of other ways to prevent ransomware attacks:

  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
  • Configure access controls, including file, directory, and network share permissions, appropriately. If users only need to read specific information, they don’t need write access to those files or directories; ransomware running under a user’s account can only encrypt what that account is allowed to write.
  • Disable macro scripts from office files transmitted over e-mail. Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).

Back up your data
Be sure to regularly back up your data, so if your facility does fall victim to a ransomware attack, you can simply and quickly get back to work with minimal data loss. It’s vital, when backing up your data, to do two things:

  • Verify the integrity of those backups: check that the copies are complete and unaltered, and periodically practise restoring from them so you know the restore actually works.
  • Secure your backups. Keep them offline or otherwise disconnected from the computers and networks they are backing up; ransomware encrypts any attached drive or network share it can reach, so a backup drive that is left plugged in will be encrypted along with everything else.

What to do if you are attacked
Isolate the affected computers immediately: unplug the network cable, turn off Wi-Fi, and if you cannot tell how far the infection has spread, take the affected network segments offline so the ransomware cannot reach shared drives and other machines (power the machines down only if disconnecting them is not possible). Once the threat is contained, report the attack to the FBI’s Internet Crime Complaint Center (IC3).

When the threat is over, convene an investigation team to identify what caused the attack and learn from your mistakes so you can avoid falling victim again.

Do NOT pay the ransom
The FBI does not recommend paying the ransom. Paying does not guarantee you will regain access to your files, and some victims who pay are simply asked for more. You are also likely to be targeted again by the same criminals, and every payment funds and encourages this business model.

Additional resource for healthcare facilities
There are HIPAA implications to ransomware attacks. The Department of Health and Human Services has compiled a fact sheet; under that guidance, a ransomware attack that encrypts electronic protected health information is presumed to be a reportable breach unless the facility can demonstrate a low probability that the data was compromised.

For more information on protecting your computer data, contact Vanguard Resources.