by Rick Kuwahara COO of Paubox
What is ransomware and how to protect against it
Ransomware is the biggest threat to email security in healthcare, with 88% of all ransomware attacks targeting providers according to the Solutionary Security Engineering Research Team (SERT) Quarterly Threat Report for Q2 2016.
But what is ransomware?
Ransomware is malicious software that holds your data hostage until you pay a ransom to release it. In effect, cybercriminals commit extortion by holding important files against you, and sometimes act as a Shadow Broker if their demands are not met.
Ransomware is most commonly distributed through phishing attacks (hidden in email attachments) sent from a seemingly legitimate email address.
Just a few of the latest ransomware families attacking US healthcare providers include Locky, Petya, Reveton, CryptoLocker, CryptoWall, and WannaCry, and new versions are in the works every day, some with the potential to grow into a global cyber attack.
Obviously, this type of cyber attack is bad news for the healthcare industry and any company dealing with protected health information (PHI), as any stolen data can be a HIPAA breach.
But it is possible to keep your information private, with some carefully implemented security measures.
Identify security risks
First, businesses working with PHI should address the issue of ransomware and HIPAA by conducting a risk analysis. A risk analysis involves identifying and evaluating potential risks, then taking into account the probability and severity of each.
A typical risk analysis will include the following steps:
- Identifying business needs and changes to requirements that may affect overall IT and security direction.
- Reviewing the effectiveness of existing security policies and procedures.
- Assessing physical protection applied to computing equipment and network components.
- Checking the adequacy of current authentication mechanisms.
- Reviewing remote access systems, firewalls, servers and external network connections.
- Assessing the staff’s awareness of security issues and how committed it is to minimizing the risks.
This analysis will help businesses fully understand where there might be threats and vulnerabilities within their systems. When these flaws are identified, they should be addressed immediately, whether they are mitigated or eliminated.
Create a security plan
Part of a good security plan involves working with your staff and employees to avoid situations where ransomware infections could be installed inadvertently.
Users need to know what types of links and programs are suspicious or may carry malicious code, and that information should be regularly updated and communicated.
Your staff should understand which links within emails are not safe to click, how to avoid suspicious websites that could contain ransomware (such as in pop-ups), and how to create strong passwords that do not allow unauthorized entry. They should also understand common ways email gets hacked.
Consulting with security experts and security researchers for the best antivirus software and security software can also help prevent cybercrime against your company.
But overall, staff should always report any activity that seems suspicious in the hopes of pre-empting an attack.
If a user unwittingly causes a security breach by inadvertently clicking on a suspicious link or download, or by visiting a website that might be malicious, they should be encouraged to report such incidents rather than pretending that nothing happened.
Another important security measure is limiting access to PHI. Only staff and programs that need to access this data should have permission to do so. When programs are selected, they should be carefully screened for adherence to HIPAA; this includes having a HIPAA compliant email service.
It is important to back up all data regularly, especially PHI. In the unfortunate event of ransomware being present, providers will at least be able to access the data and recover it without being stuck dealing with a ransom.
Backups should be kept separately from the usual networks, as some ransomware intentionally seeks out backups and destroys access to those additional copies.
How To Tell if You’re Dealing with Ransomware
Avoiding ransomware is clearly important. It is equally important to understand what a ransomware attack looks like.
The most obvious clue that you have been targeted with ransomware is the request for ransom via a ransom note.
The attacker will likely let you know that your data has been compromised, and set out their ransom in exchange for the decryption key that will let you decrypt the infected files. A hacker seeks money (typically in the form of a digital currency such as Bitcoin), so they will ultimately let you know if you have not noticed that your data has been compromised.
You may also notice file names have been changed, there is a private key installed, or you no longer have rights to open folders.
If you find that you cannot access files, or that screens do not look as they should, it could be the beginning stages of ransomware or another type of data attack.
Immediately alert the appropriate personnel. The sooner you can do this, the better.
What to Do If You’re Caught By Ransomware
Unfortunately, sometimes providers lose their data through ransomware even if they have worked hard to protect against it. With one simple mistake, you could find yourself having to address this type of situation. For this reason, you need to have a plan in place so you can move quickly.
Investigate how the ransomware came to exist on your network in order to identify how to avoid it in the future. Know how you intend to fix the issue, and determine who needs to be notified in the event of a data breach according to HIPAA guidelines.
Once you have removed the ransomware, it’s time to regain control of your data.
Make sure that you back up your files regularly. If you have backed up recently, you can restore your files with minimal data loss.
Note, however, that some ransomware lurks on your system for a while before taking effect. In this case, you need to be able to restore your files from a backup that predates the initial infection.
Some ransomware will try to affect connected drives. Counter this by keeping three copies of your data. Two of these should be on different devices. At least one of them should be off-site.
Your three copies might consist of one on your local drive, one on an external hard drive and another stored with an online backup solution provider.
A backup application will often allow users to choose what date to restore files from. It may well be able to recover clean versions of your infected files. Fortunate and well-prepared businesses and individuals can have their data back in as little as half an hour.
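The backup guidance above (three copies, two on different devices, at least one off-site, and a restore point that predates the initial infection) can be checked against an inventory of your copies. The following Python is an added example, not part of the original article; the inventory, device names, dates and the `margin` parameter are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Copy:
    label: str
    device: str            # hardware or service that holds the copy
    offsite: bool          # stored away from the primary site?
    snapshots: tuple = ()  # datetimes of the versions that can be restored

def rule_violations(copies):
    """Check the scheme described above: 3 copies, 2 devices, 1 off-site."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need 3")
    if len({c.device for c in copies}) < 2:
        problems.append("copies do not span 2 different devices")
    if not any(c.offsite for c in copies):
        problems.append("no off-site copy")
    return problems

def restore_point(copies, first_infection, margin=timedelta(0)):
    """Newest snapshot older than the estimated initial infection, or None."""
    # margin (an assumption of this example) moves the cutoff earlier when
    # the estimate of the initial infection time is uncertain.
    cutoff = first_infection - margin
    clean = [(s, c.label) for c in copies for s in c.snapshots if s < cutoff]
    if not clean:
        return None  # every snapshot may already contain the ransomware
    when, label = max(clean)
    return label, when

# Constructed inventory for illustration; names and dates are made up.
INVENTORY = [
    Copy("local drive", "workstation-ssd", False,
         (datetime(2024, 3, 14, 9, 0),)),
    Copy("external hard drive", "usb-hdd", False,
         (datetime(2024, 3, 10, 22, 0), datetime(2024, 3, 13, 22, 0))),
    Copy("online backup provider", "cloud-vault", True,
         (datetime(2024, 3, 6, 1, 0), datetime(2024, 3, 11, 1, 0),
          datetime(2024, 3, 13, 1, 0))),
]
# Assumed estimate: ransomware arrived 12 March, files encrypted 14 March.
FIRST_INFECTION = datetime(2024, 3, 12, 15, 30)

if __name__ == "__main__":
    print("violations:", rule_violations(INVENTORY) or "none")
    print("restore from:", restore_point(INVENTORY, FIRST_INFECTION))
```

Note that the most recent snapshots (13 and 14 March) are skipped even though they are newer, because they were written after the ransomware was already on the system.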
Once you’ve regained control of your data, it’s important to prepare yourself for potential future attacks. Review what happened, what needs to change, and what worked.
Prevention and preparation is the best protection against ransomware
Nobody wants to have to deal with ransomware, nor the fallout of a HIPAA breach with law enforcement agencies.
The best way to protect the security of your company, and the sensitivity of your clients’ data, is to organize your systems in a manner that avoids the risk of ransomware at all times. Take a proactive approach to avoid having to react to a bad situation in progress.
You and your staff should always be vigilant and aware. The extra time you take to implement security and otherwise address potential problems is well worth the effort.
Being prepared is certainly the preferred approach, versus scrambling to find and restore precious information, alerting people of a data breach, and potentially losing the trust and business of clients.