By Daniel J. Morrill, PT, DPT
It is 6 am Thursday, and your chief executive officer (CEO) receives a message on his computer’s monitor screen stating that your computer network has been infected with a virus known as “ransomware.” The message informs your CEO that the data is currently encrypted and will only be released if a payment of $25,000 is wired to a secure offshore account. Immediately, your CEO calls his director of information technology (IT) and verifies someone outside their network has gained access and encrypted all of their data. Your nightmare begins.
What is Ransomware?
Ransomware is a type of malware, or computer virus, that stops or limits users from accessing their system or files. It does so either by locking the system’s screen or the users’ files unless something is given in exchange, such as payment. More advanced ransomware families, typically referred to as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through specific online payment methods in order to unlock their files. Just because you pay the ransom does not mean the criminals will release your data. Herein lies the problem.
Today, ransomware is gaining access to systems because of the relative ease of intrusion. It was initially seen in 2005-2006, with one of the first ransomware viruses identified as a small program that zipped target files on the system. The files also contained a text file indicating where to send money to receive an unlock password. Now, ransomware has become so sophisticated that in some cases it can prevent users from accessing their entire network and completely stop operations. In 2015, the Cyber Threat Alliance estimated that one ransomware family caused $325 million in damages.
How Does Ransomware Gain Access?
Ransomware gains access in the typical virus fashion: through network vulnerabilities, infected emails, website access, and a wide variety of other access points. Unfortunately, it may be as simple as clicking on a cleverly designed malicious email or a link on an infected website. The reason ransomware has become popular is that your data is more “valuable” to the clinic or the hospital, and it is a lot less work for a criminal to “sell” your data to someone else.
The following companies provide software and services for physical therapy clinics:
BMS Practice Solutions
MWTherapy by Merlinwave Inc
Practice Perfect EMR + Management Software
ReDoc by Net Health
TheraOffice powered by Hands On Technology
What Are the Protective Measures?
Step one is to address the risk of a ransomware attack happening at your business. Assessing risk for ransomware is similar to assessing IT risk and therefore can be included in a clinic’s overall IT security plan. When it comes to planning and dealing with a ransomware situation, creating a policy and procedure manual is the single most important place to begin. It should be comprehensive—similar to a checklist—so if something were to happen it would provide step-by-step instructions about how to deal with the situation. The payoff is that all the hard work devoted to developing policies regarding technology use will limit the risk of a ransomware attack occurring in the first place. As it is with physical therapy, so it is with data security: prevention is beautiful and powerful.
Doing the homework and preparing, keeping up-to-date anti-virus software, educating staff members about suspicious emails and files, installing protective appliances, backing up servers, verifying backups, and installing firewalls and monitoring software will help reduce the risk of intrusion by criminals. Regularly reviewing all of the below will also contribute to keeping a current focus on security.
Does the Cloud Help?
Cloud computing has become safer over the years. The banking industry realized steps needed to be taken to convince people it was secure enough to perform financial transactions online. Healthcare organizations may have been slow to adopt the same technologies for many different reasons, but over the last few years they have been able to take advantage of many of the security features the banking industry built into its “cloud” platform. Though the technology has improved, it is not 100% risk free. It therefore still requires planning and preparation.
Cloud-deployed electronic medical records (EMR) and practice management software can be advantageous if the infrastructure is built with enterprise-level equipment specifically used to reduce the risk of IT network threats. It is extremely important for clinics to work with the cloud-based software vendors to find out how and where the clinic’s data is stored and what type of security is deployed to protect from attacks. In discussion with these vendors it is best to be specific, going so far as to ask how they would respond if the facility were attacked with a ransomware virus. It is good practice to routinely check in with the software vendor to make sure they are keeping up with the latest security trends.
You’ve Been Attacked. Now What?
To pay or not to pay? This is the question with ransomware. While some believe this is the best way to have their data returned, others believe that even if payment is made the attackers will either not release the data or only release small portions of the data to get more money. However, there is good news: even though the viruses are becoming more sophisticated, there are more resources and companies available to prevent and even eliminate ransomware that has infiltrated a network. Tools can be provided in the form of hardware or software; another process that can be performed is a backup of the environment. The caveat is that detection tools should be used as well.
Don’t Go it Alone
Data is worth money. Mistakes made early on could limit the ability to recover it. The best advice is perhaps to know when to seek help, which should be identified in the clinic’s policy and procedure manual. Likewise, in the event of a ransomware attack, clinics should work with their software vendors since their knowledge may prove helpful in such a situation.
Ransomware is a growing threat to healthcare data. It is an easy way for technology criminals to attempt to force payments if they can gain access to a network. Network security, including stopping ransomware, begins with prevention through education and planning. If a network is infected with ransomware, there are options available that do not include paying the criminals. There are companies and products that can help identify and eliminate the threat. Companies, such as Kaspersky or Symantec, already have solutions to decrypt ransomware. Clinic owners and managers should check with their current anti-virus software vendor to determine their options.
Daniel J. Morrill, PT, DPT, is chief executive officer of Hands on Technology Inc, and President, Hinsdale Sport & Spine Therapy Ltd, Westmont, Ill. For more information, contact PTPEditor@allied360.com.