Physicians Should Understand the Basics of Ransomware

September 8, 2016

No matter how small or big your practice is, you need to be prepared for ransomware attacks.

With the increased number of ransomware attacks, physicians need to implement a plan to address the prevention, detection, and correction of these nefarious attacks.

Fundamentally, ransomware is "a type of malicious software designed to block access to a computer system until a sum of money is paid." Typically, two types of ransomware may be deployed: lockscreen or encryption. A lockscreen attack is identified by a message popping up on the computer screen, which prevents the user from either using the PC or accessing files. An encryption attack occurs when the files are encrypted and become inaccessible. Individuals who deploy ransomware are becoming more sophisticated in the delivery of the malicious software, as well as in the incubation period and altering of the data.

According to the FBI, "[i]n a ransomware attack, victims - upon seeing an e-mail addressed to them - will open it and may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software." One might consider these techniques to be "old school." While still effective, there are even more subtle ways that attackers can access data. According to FBI Cyber Division assistant director, James Trainor, "[t]hese criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers." In sum, for providers, this poses a significant threat to patient care.

To combat ransomware attacks, physicians should adopt a strategy that includes prevention, detection, and corrective courses of action. The most fundamental prevention methods are adequate policies and procedures (e.g., back-up and business continuity plans) and training, as well as having competent IT staff or third-party providers who ensure that software patches and updates are applied.

In relation to detection, training comes into play, as well as pulling the plug on a PC to try to isolate the malware. Finally, corrective action includes contacting authorities, running audit reports, and implementing the back-up plan and data recovery. The size of the organization does not matter, so physicians should take precautions.