A Quick Primer for Staff
By Diane Evans
By now, you know that international ransomware attackers have hit health systems in the United States. While it’s up to the techs within your organization to apply security measures, it’s everyone’s job to thwart thieves by recognizing and avoiding their traps - often hidden in seemingly harmless emails.
Keep in mind that hackers are smart, and it’s their business to fool even the most conscientious employees in close proximity to patient information. That’s why it’s important to know the warning signs of ransomware.
Let’s start with some basics pertaining to email:
- Beware of any kind of attachments or links within emails that are unknown to you or unsolicited. Malicious links in emails can link you directly to a malicious website the attacker uses to infect a data system. Opening an attachment can have the same effect.
- Know that attackers may impersonate someone you know. Be extremely cautious of emails you are not expecting or that seem a little off. When in doubt, go to your supervisor or a tech before doing anything.
- Make it a practice NOT to click on links and attachments you are not expecting.
- If you get an automated message to update your computer’s antivirus software, click to update it. While the IT people should make sure this is done automatically, that doesn’t always happen in reality.
Of course the goal is to avoid the schemes of hackers, who typically “kidnap” information with the promise of releasing it back to its rightful owner in exchange for money. A joint study conducted by several security firms estimates that creators of one form of ransomware -- called CryptoWall 3.0 - have extracted more than $325 million from victims since January 2015.
In the event you fall victim to a ransomware scheme, you should know the tell-tale signs of being hacked so that you can seek help right away. One common scenario is that you click on a link or open an attachment and immediately realize it is suspicious. Get help, even if you’re not 100 percent sure it’s a problem.
Other indicators of a ransomware include:
- Unusual activity on your computer for no apparent reason, due to the ransomware searching for, encrypting and removing data files, or,
- An inability to access certain files as the ransomware encrypts, deletes and renames and/or re-locates data.
Recently, attackers have been scanning the Internet for devices equipped with remote access to patient information portals. Once connected, they can try to guess passwords, or look for backdoors to gain entry. Once they’re in, they can operate just like they are logged onto your system from a monitor and keyboard.
So. . . .
If you do not need remote access to a database containing patient information, disable the service on your computer. If you do need remote access, use it only as necessary. And make sure your password is next to impossible to figure out.
By now you may wonder what the odds are that you may encounter a ransomware threat. Well, a recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016. That’s a 300% increase over the 1,000 daily ransomware attacks reported in 2015!
That is why everyone needs to have an eagle eye out for the crooks.
Here are just a few other things to keep in mind:
- Never allow a third-party to have remote access to your computer if the caller’s authenticity cannot be verified directly through your organization or a verified Business Associate.
- Do not trust unsolicited phone calls, and don’t give out information.
- Do not download or purchase any unknown software or online services.
- Follow safe practices when browsing the web - and don’t click on ads from unknown sources.
- If you see any unauthorized people accessing patient information (including fellow employees), report the activity to your supervisor or a compliance manager.
Simple safety practices on the part of all can thwart thieves so the can’t do their dirty work. That’s the goal -- and it takes a community of dedicated workers to achieve it.
Note: Information included in this post has been compiled from email alerts distributed by the U.S. Office for Civil Rights (OCR) from May 12 through May 16, in response to international threats impacting healthcare. Reference material includes: February 2, 2016, and March 30, 2016 cyber awareness updates, and a February 2017 newsletter, all from OCR, and a Ransomware Fact Sheet from the U. S. Department of Health and Human Services.
About the author: