Ransomware attacks—where hackers install malware that locks access to certain organization computer systems—have been in the news recently, with an incident at Hollywood Presbyterian Medical Center, in California, getting the most attention. Privacy and security consultant Tom Walsh, CISSP, founder and managing partner of tw-Security, works with healthcare providers to prevent and respond to ransomware attacks. He recently shared his best advice with the Journal of AHIMA.
Human foibles are the root cause of ransomware infections, making workforce training the most important prevention tool. Workers should be taught to recognize “phishing” attempts and to avoid clicking on links embedded in e-mails.
Providers should make employees use a “guest” wireless network for web surfing and checking personal e-mail at work; encourage them to use their own devices for this. Using corporate devices opens the door to hackers.
If you are struck by ransomware, you’ll probably get a message like this. The first thing IT should do is isolate the first computer this message is found on from the network. Then, they should isolate the whole department from the network. The first 48 hours after an attack are critical. If panic sets in, employees may forget important recovery operations.
Pay the ransom. It might seem counterintuitive, but experts advise healthcare clients to do it. Hackers frequently undervalue the records and information they’re holding hostage. The Federal Bureau of Investigation says that paying the ransom can help them “follow the money trail,” even when the ransom is paid in Bitcoin.
Ransomware can go undetected for a while, with the ransom request appearing several days after the encryption has affected files. Therefore, it pays to implement a data backup plan with a longer retention schedule. Employees should also store work-related data on a network drive rather than on a local hard drive.
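The reason a longer retention schedule matters is that the dwell time between encryption and the ransom note can exceed a short backup window, leaving no uninfected copy to restore. The following script, an added example that is not from the article or from tw-Security, makes that check concrete: it models a rolling backup policy, estimates the encryption onset from the detection date and an assumed dwell time, and reports the latest backup that predates the onset. All dates and policy numbers are constructed for illustration.

```python
from __future__ import annotations
from datetime import date, timedelta


def snapshot_dates(last_backup: date, interval_days: int, retention_days: int) -> list[date]:
    """Dates of the backups still on disk under a simple rolling policy:
    one backup every `interval_days`, kept while its age is <= `retention_days`.
    Assumes (worst case for the defender) the most recent backup ran on `last_backup`."""
    snapshots = []
    d = last_backup
    while (last_backup - d).days <= retention_days:
        snapshots.append(d)
        d -= timedelta(days=interval_days)
    return snapshots


def latest_clean_backup(snapshots: list[date], detection_date: date, dwell_days: int) -> date | None:
    """Most recent retained backup taken before the estimated encryption onset
    (detection_date - dwell_days). Returns None when every retained backup
    may already contain encrypted files, i.e. the retention window is too short."""
    onset = detection_date - timedelta(days=dwell_days)
    clean = [d for d in snapshots if d < onset]
    return max(clean) if clean else None


def minimum_retention_days(dwell_days: int, interval_days: int) -> int:
    """Smallest retention (in days) that guarantees at least one backup predates
    the onset, given the dwell time and the backup interval: in the worst case the
    onset falls right after a backup, so one full interval must be added."""
    return dwell_days + interval_days


if __name__ == "__main__":
    # Constructed scenario: files were encrypted 10 days before the ransom note
    # was noticed, and backups run daily.
    detected = date(2016, 2, 15)
    dwell = 10
    for retention in (7, 30):
        snaps = snapshot_dates(detected, interval_days=1, retention_days=retention)
        clean = latest_clean_backup(snaps, detected, dwell)
        status = clean.isoformat() if clean else "no clean backup retained"
        print(f"{retention:>2}-day retention, daily backups: latest clean backup = {status}")
    print(f"minimum retention for {dwell}-day dwell with daily backups: "
          f"{minimum_retention_days(dwell, 1)} days")
    print(f"minimum retention for {dwell}-day dwell with weekly backups: "
          f"{minimum_retention_days(dwell, 7)} days")
```

With the constructed numbers the 7-day policy has no clean copy left, while the 30-day policy can restore from the backup of 4 February; the `minimum_retention_days` figure is what to compare against whatever dwell time the organization is willing to plan for.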