May 22

How do we guard against ransomware attacks?

Ransomware (1 of 1)

Ransomware attacks are no longer just a great script for a television show, in February it was reported that the FBI and LAPD where investigating just such an attack at the Hollywood Presbyterian Hospital. Ransomware restricts access to the software or data in some way, often using encryption then demands that the user pay a ransom to remove the restriction. Other media outlets are also reporting cyber attacks of other kinds on other healthcare facilities which need to be taken seriously to avoid this crippling both healthcare facilities and the eHealth industry.


3 ways cyber attacks can affect your business

  • Patient medical history inaccessible or unavailable – meaning you will have to gather this information again verbally from the patient, caregivers and healthcare team. You and your team will have to revert to paper records, orders and results.
  • Medical devices may become inoperable or access to the data they are providing inaccessible in a central location meaning you will have to check all device results manually.
  • Potential public relations negative impact – the public expect their data to be protected and to receive the best care at all times.

3 ways that you can protect against cyberattacks

  • Have strong technologies implemented to prevent and detect threats.  While not full proof, security for all aspects of your business needs to be in place, emails, internet, devices and your software.
  • Security policies and procedures are a must. Staff need to be educated not to touch that link that may bring in the malware. IT staff need to be trained in prevention, detection and incident response to avoid significant downtime and expense.
  • Always have a plan B and make sure your staff know what to do if systems go down so that transitioning to a manual system is as seamless as possible.

Ransomware is becoming an easier source of revenue for cyber criminals.  Where an organization cannot seamlessly move to a plan B, or is concerned about the public relations impact, an easier risk management decision may be to pay. Just as Hollywood Presbyterian Medical Center reportedly paid $17,000 for a quick recovery of the encryption key. The decision they made was a business decision and to protect their business and patients. Given the potentially significant impact to hospital operations, many healthcare executives might make the same call. The follow on of this decision is that greater investment will be required as we move forward in cybersecurity, education and governance of your systems as a cost of doing business in this decade.


Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>