The Dangers of Ransomware in Healthcare: What You Need to Know


You probably don’t think of hospitals as targets for criminal masterminds looking to wreak havoc on their systems. Unfortunately, a hospital’s cyber system is often what they’re looking for.

In this post, we’ll discuss hospital ransomware and why your hospital staff needs to stay alert. Even hospitals that keep their data locked tight need an extra hand every once in a while to prevent these devastating attacks from occurring.

Let’s learn what ransomware is, why it is important to protect against it, and what the ramifications can be.

What is Ransomware?

Before we get in too deep discussing cybercriminals and the medical field, we should take a minute to discuss what exactly ransomware is, as your staff cannot guard itself against something that they don’t understand.

Essentially, ransomware is an attack launched by cybercriminals.

They will lock your data and only release it in exchange for an amount of money. While this can happen to individuals, hospitals are especially vulnerable. This is because hospitals rely on technology to keep their patients healthy and to manage things like appointments and other administrative tasks.

Locking the system can mean that patients don’t get the care they need, which can then quickly become an emergency situation.

How is Ransomware Spread?

While your hospital’s in-house or outsourced IT team should constantly be making the data system impenetrable, ransomware can still be spread through naive employees.

It’s pretty easy for an employee to accidentally spread ransomware, especially if they are using outdated software, or checking their personal emails.

Ransomware is often spread through phishing emails that carry it as an attachment. Once someone opens the attachment, it can infect the computer and spread to the other computers on the network.

Using outdated systems can also make it easier to pick up ransomware. This is because cybercriminals have a longer amount of time to perfect their cyber scams with older operating systems.

Brand new operating systems have usually not been out long enough for someone to create a scam through them. Therefore, it is important that your employees keep their software up to date.

Why is the Healthcare Field Particularly Vulnerable?

In order to understand why a potential online predator would target a hospital for their attack, you need to understand the mindset of the hackers themselves.

Obviously, what they are doing is very illegal, so that means they need to make it worth their while. With that in mind, hackers tend to look for targets that fulfill three requirements.

  • They have very sensitive information that’s been stolen
  • They need it back immediately
  • They have the money to pay for it

Hospitals fall under all three categories, and unfortunately, many feel the best course is to just pay the ransom in order to quickly get up and running again.

Why is it Important That My Employees Know How to Ward Off Ransomware Attacks?

You may think of viruses and phishing scams as harmless. If they can’t get your credit card information, then what’s the point of caring about your work computer being targeted for a ransomware attack?

As mentioned previously, many hospitals rely heavily on technology to keep their hospital going, and a breach in the system could cause problems with many of the patients.

If you’ve ever heard of the WannaCry attack on the NHS, you may already have some idea of the damage these ransomware attacks can do.

In May of 2018, the WannaCry attack cost Britain’s National Health Service a whopping £92 million (or $111MM) to fix. Once the virus infected the systems, it took almost a week for their IT teams to restore things to normal.

During this time, patients who needed to be seen weren’t, patients in hospitals had their needs lost in the shuffle, and 19,000 appointments were canceled.

Because of the serious nature of these attacks, it is important your employees are educated on ensuring ransomware attacks do not occur.

How Can We Educate Our Employees?

While it is all well and good to tell your IT team to keep permissions for changes at the lowest level for most users, to keep personal email from the system, and to update the system often, that isn’t enough to prevent attacks.

You likely have employees on your staff who use technology but aren’t quite sure how it works exactly. They may also be unaware of the everyday things they do on network computers that could be causing harm.

Hackers know what they’re doing, and they depend on people like your employees leaving doors open for them.

Because of this, it is important that your employees are educated beyond mere email reminders and occasional newsletters. Instead, you need classes and seminars that can help both drive home the seriousness of the attacks and show employees how to dodge them.

What Solutions Can CFISA Offer?

CFISA offers HIPAA training for businesses of all sizes. Whether you’re a small private practice, or a large regional hospital, we have educational solutions for you. We can help train your team without forcing your IT department to take time from their jobs to do it instead.

What’s more, while your IT department may be great at their jobs, they may not be so great at explaining how concepts work. This could especially be the case for people on your staff who are older.

Our staff is trained specifically to break down concepts and make them easily understandable to your entire staff.

Protecting Yourself from Hospital Ransomware Attacks

Hospital ransomware can attack at any time. Whether hackers simply hope that one of your staff members will accidentally open a phishing email, or are working to penetrate your system specifically, you need to be on guard.

As mentioned above, CFISA offers a wide range of solutions for your hospital. Additionally, we can help your hospital bring HIPAA into the 21st century and answer questions about how to adhere to the standards while using modern technology.

If you’re interested in hiring us to help train your staff, please contact us for HIPAA training options.