As you may know, ransomware has become a top concern for organizations across the globe as cybercriminals continue to show just how easily they can take down an organization with a single malicious e-mail. An article over at SC Magazine takes a look at the threat ransomware poses to smaller practices.
What is ransomware?
“The concept is relatively simple; criminals send a bogus e-mail to an employee with an enclosed attachment. The employee opens it up, and this encrypts the data on the system. The victim is then asked to pay a ransom to receive the decryption key.”
While it is nothing new that cybercriminals target the healthcare industry, ransomware attackers have now turned their attention to smaller victims such as dental practices and general practices.
Why focus on smaller practices?
Although you may think a cybercriminal would be better off attacking a large organization like a hospital, the focus has shifted to the exact opposite. While larger organizations house significantly more PHI than a small practice, there are practical reasons for targeting the smaller organizations.
“Orlando Scott-Cowley, an independent cyber security consultant, suggests it is because they are reasonably inexperienced when it comes to dealing with these kinds of threats.”
According to Scott-Cowley, “The attackers are dealing directly with a receptionist, and many of these businesses don’t have their own internal IT staff, as they probably use a reseller or contractor. Another reason is that these organizations need the data straight away – if it gets locked up they’re more likely to pay a ransom because they can’t afford not to have access for more than a couple of minutes.”
How do these attacks occur?
These attackers are known to purchase lists of healthcare organizations’ email addresses at low cost. Once they have the addresses, they send the same lure to many organizations at once to see who will take the bait.
“Criminals are finding cleverer ways of doing this. For example, they may ask receptionists to open an attachment by claiming that it holds important medical results, or x-rays, and they will make these sound urgent because they know the receptionist is already quite flustered and busy.”
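The lure pattern described above (an outside sender, “results” or “x-ray” wording, an urgent tone, and an attachment that can run code when “opened”) can be turned into a simple triage rule at the mail gateway. The Python below is an added example and is not code from the SC Magazine article or from this post; the practice domain `example-dental.test`, the sample messages, the lure word list and the risky-extension list are all constructed assumptions for illustration.

```python
"""Triage heuristic for attachment-lure phishing aimed at a front desk.

Added example (not from the original article). A message is quarantined
when an external sender delivers an attachment whose final extension can
execute or carry macros, and held for review when an external sender
combines lure wording with any attachment at all.
"""
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Hypothetical practice domain: mail from here is treated as internal.
INTERNAL_DOMAINS = {"example-dental.test"}

# Attachment types that run code or carry macros when double-clicked.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta",
                    ".docm", ".xlsm", ".pptm", ".zip", ".rar", ".iso", ".lnk"}

# Lure vocabulary from the article: test results, x-rays, urgency.
LURE_WORDS = re.compile(r"\b(urgent|immediately|asap|results?|x-?rays?|scan)\b", re.I)


def sender_domain(msg: EmailMessage) -> str:
    """Domain part of the From: header, lower-cased ('' if unparsable)."""
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return m.group(1).lower() if m else ""


def attachment_names(msg: EmailMessage) -> list[str]:
    return [part.get_filename() or "" for part in msg.iter_attachments()]


def risky_attachments(msg: EmailMessage) -> list[str]:
    """Attachment names whose FINAL extension is risky, so the classic
    double-extension lure 'xray.pdf.exe' is caught by its .exe ending."""
    out = []
    for name in attachment_names(msg):
        lower = name.lower()
        ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
        if ext in RISKY_EXTENSIONS:
            out.append(name)
    return out


def lure_hits(msg: EmailMessage) -> list[str]:
    """Distinct lure words found in the subject and plain-text body."""
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    text = msg.get("Subject", "") + " " + body
    return sorted({w.lower() for w in LURE_WORDS.findall(text)})


def triage(raw: str) -> dict:
    """Parse a raw RFC 5322 message and return the triage verdict."""
    msg = message_from_string(raw, policy=policy.default)
    external = sender_domain(msg) not in INTERNAL_DOMAINS
    risky = risky_attachments(msg)
    lures = lure_hits(msg)
    if external and risky:
        verdict = "quarantine"        # code-capable attachment from outside
    elif external and lures and attachment_names(msg):
        verdict = "hold for review"   # lure wording + attachment from outside
    else:
        verdict = "deliver"
    return {"from": sender_domain(msg), "external": external,
            "risky_attachments": risky, "lures": lures, "verdict": verdict}


def build(sender: str, subject: str, body: str, attachment=None) -> str:
    """Construct a sample message (test data, not a real capture)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "frontdesk@example-dental.test"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        name, data = attachment
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_string()


# Constructed samples: a double-extension lure, an internal report,
# an external PDF with urgent wording, and an attachment-free newsletter.
LURE = build("records@imaging-center-portal.test", "URGENT: patient x-ray results",
             "Please open the attached results immediately.",
             ("xray_results.pdf.exe", b"MZ\x90\x00"))
INTERNAL = build("dr.lee@example-dental.test", "Results for Tuesday",
                 "Attached as discussed.", ("results.pdf", b"%PDF-1.4"))
EXTERNAL_PDF = build("billing@some-lab.test", "Urgent lab results",
                     "See attached.", ("results.pdf", b"%PDF-1.4"))
NEWSLETTER = build("news@dental-supply.test", "Monthly newsletter", "Hello!")

if __name__ == "__main__":
    for raw in (LURE, INTERNAL, EXTERNAL_PDF, NEWSLETTER):
        print(triage(raw))
```

The rule is deliberately conservative: anything internal is delivered, and an external PDF with urgent wording is only held, not blocked, because a real lab does send results. Tune `INTERNAL_DOMAINS`, `RISKY_EXTENSIONS` and `LURE_WORDS` to your own practice’s mail flow before relying on it.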
What should you do if you are attacked?
First and foremost, paying the ransom is not recommended if you fall victim to a ransomware attack. Disconnect the affected machine from the network right away so the malware cannot reach shared drives, and back up any data that is still accessible. Recovery depends on backups taken before the attack, so keep them offline or otherwise out of reach of the infected systems and test that they restore. There are also websites set up to assist in unlocking your data, but only use decryptors published by reputable security vendors or law-enforcement-backed projects, and be aware of who you are trusting with your files!
One of the most effective ways to prevent your organization from falling victim to a ransomware attack is to ensure your employees are properly trained, backed by tested offline backups and mail filtering that blocks executable attachments.
“There needs to be some form of cyber awareness training to help everyone to understand why they could become a victim. This would include ensuring that staff are suspicious of everything in their inboxes, including clicking on links or downloading attachments in emails.”
Free HIPAA Security Training!
All Covered Entities and Business Associates need to train their employees on HIPAA security. We now offer free online HIPAA security training for Covered Entities and Business Associates. Find out more about our free training and send the information to ALL your colleagues and Business Associates.
Now it is easy to train your employees on protecting patient information! Get more information on free HIPAA security training.