It is an ugly world out there in cybernation. As you have seen in the media, the threats are greater than ever. They have become more sophisticated and have targeted many medical clinics because of the information they hold. In fact, there have been many successful attacks on medical clinics that we hear nothing about. We do not hear about these attacks for many reasons, not the least of which are embarrassment, possible HIPAA violations, clinics still being in the midst of untangling themselves from the malware, and clinics not knowing they have been breached. So what is a clinic supposed to do? I often hear, “These hackers have a far bigger budget and smarter people than my lone little clinic.”
The first thing you need to understand is that even with the most robust prevention, there is no guarantee against a breach. This means contingency and remediation plans are essential to your clinic.
* Start by making all employees and business partners in your clinic aware of general threats and ransomware, and of how it is usually brought into your clinic. I won’t go into all the ways in this article, but suffice it to say: do not open anything that doesn’t look right. Also, do not use your work computers for personal surfing.
* Make sure the operating system, software, and firmware on your devices are covered by a centralized patch management program. This allows updates to be distributed throughout your entire computer network.
* Configure employee access with the least privileges needed to do their job. I see so many clinics where everyone has admin controls. I often get, “We trust everyone here.” That’s great that you trust everyone. Restricting access has nothing to do with trust; it has to do with managing your vulnerabilities.
* Disable any and all macro scripts in Office files that come through e-mail. So, choose the setting “Disable all macros with notification”: macros are disabled, but security alerts appear if there are macros present. Enable macros on a case-by-case basis.
* Implement Software Restriction Policies, commonly known as SRPs. This will prevent programs and .exe files from launching from common ransomware and malware locations.
* MOST IMPORTANT: I saved the best for last. Ensure that your antivirus and anti-malware software are set to update automatically and that you conduct regular scans (e.g., once per month). Notice I did not say, “Make sure you have antivirus and anti-malware in place.” If you do not have these in place, you might as well be parachuting without a parachute.
Business forward consideration
* You must have a good backup. This means backing up regularly and regularly checking that your backup is good. The backup not only has to run; it must also have integrity (no failures within the backup and no corrupt data).
* Secure these backups so that they are not connected to your computer network. One option is backing up to a cloud (make sure the cloud company is secure and reputable). Another is to back up to a media device and store it off-site in a safe and secure location. One note: ransomware has the capability to lock cloud-based backups when systems continuously back up in real time.
BACKUPS ARE CRUCIAL IN RANSOMWARE. If you get infected, this may be the only way to recover any of your data. I can tell you many examples of people I know personally who lost all their data because of a faulty backup or no backup.
* Execute any new programs in a virtualized environment. System virtual machines (also termed full virtualization VMs) provide a substitute for a real machine.
Most security and government officials will tell you that once you pay a ransom, you have painted a target on your back! I will say this: paying a ransom does not guarantee your information will be returned. In fact, I know one organization that paid and was not provided any keys to unlock the data. On the other hand, I know of an individual who paid, got the keys to unlock the data and, once they got their data back, cleaned it up and hired an expert consultant to totally clean their system out (very expensive). I also know of a clinic that got attacked and did everything right. They shut down their entire system, cleaned all computers out, reinstalled all operating and program data, reinstalled the data within the system, and were back up and running the next day.
RECENT DEVELOPMENTS SHOULD PROPEL YOU TO MAKE ALL END USERS AWARE OF THE PREVENTATIVE MEASURES THEY SHOULD TAKE TO DO THEIR BEST NOT TO BRING IN ANY RANSOMWARE OR MALWARE.
START BY SHOWING THEM THIS ARTICLE.