Healthcare under attack by new strain of ransomware
FireEye Labs has identified massive email campaigns by cyber-criminals during Aug, 2016 containing the Locky ransomware embedded in DOCM attachments. DOCM is Open XML Macro-Enabled Document file used in Microsoft Word. Which means the file contains a macro which MS Word will execute when you open the file in MS Word. Healthcare is the leading industry targeted by the campaign.
The healthcare industry is now the "industry of choice" by cyber-criminals since Protected Health Information (PHI/ePHI) is worth hundreds of dollars per complete record and it's vital to provide care to patients. Cyber-criminals once chased credit cards because stealing the credit card record was fairly easy and selling the stolen records on the dark web was simple and profitable. Then they moved on to PHI records because it was worth so much more on the dark web. But, cyber-criminals have been moving to ransomware because it garners immediate payment from the victims.
There have been a lot of blogs about ransomware hitting large hospitals or healthcare providers. That's true, but cyber-criminals don't care how big you are, they know all healthcare is a prime target that will pay. If you're a single doctor's office, a chiropractic, optometric office, therapist, physician or surgeon your practice is a target. It's important to take action now and protect your PHI.
Ronghwa Chong of Fireeye Labs wraps up his report with "These latest campaigns are a reminder that users must be cautious when it comes to opening attachments in emails or they run the risk of becoming infected and possibly disrupting business operations." If you're not prepared to recover from ransomware, it can even cause severe cashflow interruption, loss of revenue and potentially impact healthcare services to your patients. Make sure you have a disaster recovery plan in place and your backups are secure and usable.
Plan of Action
- Admit your healthcare business is a target of cyber-criminals.
- Make sure your backups are current, working, secure and a full restore works. TEST THAT YOU CAN RESTORE FROM BACKUPS.
- Understand that you (the owner, the doctor, compliance officer, and/or the office manager may be charged and jailed for HIPAA non-compliance.)
- Understand that even with improved cyber-defenses you're likely to experience a breach.
- Improve your cyber defenses to prevent a breach.
- Create a breach notification plan to guide you in the event of a breach - which is highly likely.
- Work to become HIPAA compliant.
- Perform a risk assessment (security risk analysis).
- Work on the list of corrective actions identified in the risk assessment.
- This should include improving the cyber-security of your computers and network and training of staff.
- Have the entire staff take HIPAA training that includes cyber-security.
- Implement HIPAA policies and procedures for your business.
Take our Free risk assessment to find out what you need to do to protect your PHI and work towards HIPAA compliance.
Protect your patients, protect your pratice, protect yourself.