Cyber Self-Defense 101: Lessons in Ransomware
By now you've heard about another big ransomware highjack in the news recently. A nasty computer virus targeted hundreds of thousands of devices in 150 countries. Although healthcare and hospitals were not specifically in the crosshairs, nearly 50 medical facilities in the United Kingdom were infected.
As you can imagine, online marketing and communications channels are a juicy digital target. A lot of good guys are vulnerable to a few bad guys. Ransomware is a type of malware that, as the name suggests, demands a payment to allow access to your own computer data files.
Everyone needs elementary cyber self-defense…
Right up front here, you need to know that we are a digital marketing company, and we are not a cyber security firm. But providers and clients ask us about protecting their investment, and we feel a parental-like responsibility to speak up. You should check in with your IT security specialist, but here are some elementary “cyber self-defense 101” tips to help get you started:
This isn’t going away soon. Some IT experts predict that nearly every healthcare computer system is vulnerable. The recent European blast may have been the largest to date. But what you may not appreciate is that ransomware hit more than a dozen American hospitals and health systems last year. In dire terms, “it’s not ‘if,’ but ‘when.’”
It’s more than desktops and laptops. It’s frightening to realize that all types of healthcare hardware—MRI machines, ventilators, and some types of microscopes and other devices—are also juicy targets. “Those computers, like our laptops, come with software that the makers are responsible for supporting,” CNNtech reports. “Sometimes the people who make the machines stop supporting them after an extended period.” Old software, dated hardware, and low-profile digital devices can put patient data and safety at risk.
Old hardware and software is an easy target. At the time of the attack, Microsoft had a security software patch widely available. Unfortunately, old devices, dated software, and large, cumbersome systems are less likely to receive the updates. It may be difficult to do, but all hardware and software should be brought to current status regularly.
Have a proactive data backup system. Symantec is an industry-recognized authority in security for business systems. You may want to consider their product, Symantec Endpoint Protection. They offer several recommendations to avoid ransomware infections. The first of which is:
Back up your computers and servers regularly. They say: “Regularly back up the files on both the client computers and servers. Either back up the files when the computers are offline or use a system that networked computers and servers cannot write to. If you do not have a dedicated backup software, you can also copy the important files to removable media. Then eject and unplug the removable media; do not leave the removable media plugged in.” Additional safeguard considerations are listed here.
Beware of all unknown websites, email and attachments. A primary safeguard is not to open or connect with anything online that is unsolicited, unknown or otherwise suspicious. Ransomware is often embedded in attached Microsoft documents.
Prevention is first and best. Offices that use Windows should install and use an excellent antivirus and personal firewall on each machine. Consider a premium version of McAfee, Webroot, Bitdefender, Symantec or other well-reviewed major brand.
Healthcare is an attractive cyber target and is increasingly subject to attacks. This includes hospitals, health systems and individual medical practices. For more in-depth guidance, contact your professional cyber security advisor.