
Ransomware Guidance For Health Centers

Introduction

Ransomware is a type of malware that takes control of a computer or computer system by encrypting all the data on the drive. The data is then held for ransom until a predetermined sum is paid. Because payment is made in cryptocurrencies (e.g., bitcoin), it is difficult to track those demanding the ransom, which makes them tough to prosecute.

Problem Statement

A rapid increase in the computerization of health care organizations, many without the capacity to keep up to date with the extensive privacy and security measures required, has made them targets for cyber-criminals. In the last couple of years there have been numerous ransomware attacks that have held critical hospital data for ransom.

Health Centers may be perceived as more vulnerable targets by cyber-criminals due to a potentially smaller IT staff and older IT infrastructure (e.g., operating systems without the latest security updates).

Examples in the News

Massive Locky ransomware attacks hit U.S. hospitals

http://www.healthcareitnews.com/news/massive-locky-ransomware-attacks-hit-us-hospitals

Security report - Nearly 90 percent of ransomware attacks target healthcare

http://www.hiewatch.com/news/security-report-nearly-90-percent-ransomware-attacks-target-healthcare

Virginia dermatologist hit by ransomware attack, records for 13,000 patients seized

http://www.hiewatch.com/news/virginia-dermatologist-hit-ransomware-attack-records-13000-patients-seized

Ransomware Transmission

  • E-mails posing as legitimate business or tempting links
  • Trojans acting as update requests
  • Anti-virus program patches and updates
  • Windows system updates
  • False “You’ve got a virus” notifications
  • Gaining access by exploiting known network or security software vulnerabilities

Ransomware Use Cases

Turn the Lights on Ransomware

This YouTube video provides an exciting ransomware re-enactment that helps explain how a ransomware incident occurs, common mistakes and methods for mitigation. It also includes a link to a Ransomware Readiness Assessment by the security vendor TrendMicro.

Ransomware in Action

In this YouTube video security specialists show a live example of how ransomware moves through and encrypts a system’s files.

Ransomware Response Tactics

Repercussions

Financial

  • Ransom demands continue to grow as ransomware methods become more sophisticated.
  • Outside of the ransom, the cost due to downtime, recovery, and security maintenance can be considerable

Legal

  • Privacy and security negligence may carry legal ramifications under state and federal policies and regulations (e.g., HIPAA).
  • Personal lawsuits may be leveled if there is perceived harm

Reputation

  • Ransomware events have become a hot topic and speak poorly of the victims regardless of the exact circumstances.
  • Patients may be hesitant to initiate care, or may reconsider it, if they perceive that a provider is unsafe with their health data

Primary Prevention Methods

Employee Security Training and Awareness

  • Educate staff on what ransomware is and common traps they might experience
    • Instill email and website suspicion. Help staff know what to look for and what to do if they find something suspicious
    • Teach staff not to click on any links or files unrelated to work and inform them of the possible consequences of these types of actions
    • Test and educate: Send a false email with a traceable link

Backups

  • Confirm that backup routines are actively deployed
  • Confirm that backups can be effectively restored

Anti-Virus Programs

  • Scan both inbound and outbound emails regularly
  • Authenticate inbound emails

Firewalls & Network Access Control

  • Block access to known malicious IP addresses. Many are well documented.
  • Provide concise configurations for access to files, directories and networks

Removal

The following playlist provides a preliminary list of videos with examples of how to conduct specific types of ransomware removal: https://www.youtube.com/playlist?list=PL302CE7037FD86F7B

Depending on your vendor, as a preventive measure, you should request direct advisement on the processes required for removal of commonly known ransomware.

Further Ransomware Resources

 

Ransomware Prevention & Mitigation Tools

Encrypting Data at Rest on Servers
Encrypting Data at Rest on Servers

It is common practice today to encrypt data at rest, that is, data stored on servers. This is especially applicable to health centers, which less frequently transport data across disparate networks. Like many smaller healthcare organizations, Health Centers are particularly vulnerable to potential attack and infiltration by data hackers for several reasons: they tend to have fewer technical support staff, resource limitations make it harder to assess, implement, and maintain safe data practices, and organizational inertia limits preventive action when no threat is perceived.

Acknowledgements

This resource collection was cultivated and developed by the HITEQ team with valuable suggestions and contributions from HITEQ Project collaborators.

Looking for something different or have something you think could assist?

HITEQ works to provide top-quality resources, but we know your needs can be specific. If you are just not finding the right resource or have a highly specific need, please use the Request a Resource button below so that we can try to better understand your requirements.

If, on the other hand, you know of a great resource already or have one that you have developed, please get in touch with us by clicking on the Share a Resource button below. We are always on the hunt for tools that can better serve Health Centers.

Request a Resource  Share a Resource
Need Assistance?
Would you like more assistance regarding Ransomware Prevention strategies or support in using any of the included resource sets?

  Request Support

 

The Quadruple Aim
A Conceptual Framework

Improving the U.S. health care system requires four aims: improving the experience of care, improving the health of populations, reducing per capita costs and improving care team well-being. HITEQ Center resources seek to provide content and direction aligned with the goals of the Quadruple Aim.