We are seeing an upward trend in targeted ransomware attacks. What is it and how do you protect your dental or medical practice?
What is a targeted ransomware attack?
Targeted ransomware is malware, or malicious software, that is directed at a specific company in order to steal information, and that asks the victim to pay a ransom to get their data back.
A ransomware attack often locks people out of their files or threatens to share data, which causes huge disruptions, leaves customer or proprietary information vulnerable, and can leave a business with a huge dent in its reputation.
With data protection laws, such as GDPR, being implemented across the globe, there is also the possibility of huge fines from regulatory bodies, and costs associated with patients’ lost data.
Don’t get caught out
Targeted ransomware breaches are more of a manual process than large-scale Cyber attacks, such as CryptoLocker or WannaCry (which widely affected the NHS in 2017). A human hacker targets a specific network – breaking through vulnerabilities, cracking weak passwords and adapting to security systems – which takes a huge amount of skill.
These are not opportunistic or random attacks that exploit human error, such as clicking on an infected link in an email. They are calculated, skilled breaches.
With gov.uk statistics revealing that almost half of businesses have been a victim of a cyber breach or attack in 2017-2018, the rise in these targeted ransomware attacks is a real worry for healthcare practices.
Why is the healthcare industry a target?
Ransoms demanded in some targeted ransomware attacks, such as SamSam, which targeted the healthcare industry, have been reported as upwards of US$40,000. This is a huge cost for practices, and compliance fines from regulators can potentially add to it if you are deemed not to have sufficient security in place.
Medical and dental practices hold lucrative patient data – sensitive personal information that would attract big sums if sold, and that is worth a lot to the practices themselves. This makes practices a top target for Cyber criminals, and practices are likely to pay the ransom to get their data back. Cyber attacks are still a high risk for healthcare and will continue to be so throughout 2019.
What should you look out for?
As with all Cyber attacks, you should start with the fundamentals when protecting your practice. Some useful advice includes:
- Use a password manager to generate complex passwords, and use different passwords on each system.
- Apply all patches to your operating system and keep up to date with software updates.
- Change default administrator passwords for all network and system logins.
- Use multi-factor authentication for everything you can use it for.
- Be aware of emails with links and don’t open any emails you are unsure of.
- Don’t give away any information, such as passwords or proprietary details – Cyber criminals are excellent at tricking people into sharing data.
- Keep back-ups of your files and systems.
- Protect yourself with a good Cyber liability insurance policy.
Cyber liability insurance should be a key part of your risk management plan.