Imagine if you started to open a resident’s file on your computer and this message came up on your screen against a red background:
YOUR IMPORTANT FILES HAVE BEEN ENCRYPTED: PHOTOS, DOCUMENTS, VIDEOS ETC. IF YOU WANT TO DECRYPT YOUR FILES YOU MUST PAY THE FEE OF $______
This is the actual text of a message that some health care providers have seen, and unfortunately, these kinds of messages are popping up with increasing frequency on computer screens at health care organizations and many other businesses through the proliferation of Ransomware, which is the latest in a long line of malicious computer software.
Ransomware operates by blocking access to or encrypting the files and folders on your computer, smartphone, tablet, or network server, making them inaccessible without a key to unlock the encryption. The key to restore access to your data is only available for purchase from the cybercriminal perpetrators. Ransomware has a different objective than other malware attacks in that rather than attempting to steal your data for the hacker’s own use, it instead demands payment to grant you access to your own data. As the name implies, it holds your data “hostage” unless and until you pay the ransom. One of the latest variants is called CryptoWall, which encrypts not only the data on the local drive device, but also on any external drives and shared drives to which the device is connected.
The impact of ransomware has already hit hospitals and other health care organizations around the country. As reported by NBC News and other media outlets recently, Hollywood Presbyterian Hospital has been hit, and had to pay the ransom demanded to regain access to its data. Another hospital system was forced to shut down its computer network to avoid the spread of ransomware that had infected its computers. To date, there have been no reports of assisted living companies being targeted, but assisted living communities have been targets of other cyber attacks, so it’s almost inevitable that it will happen.
According to the FBI’s Cyber Crime division, ransomware is frequently delivered in an email message to an end user inviting the recipient to click on a link in the message, or to open an attachment to the email. That one simple click on the link or opening of the attachment can launch the ransomware encryption tool, which then encrypts all the data that it can access from the user’s device. On mobile devices, ransomware is often introduced by a vulnerability in the operating system settings, or the lack of a passcode on the user’s device.
As is the case with so many defenses to hardware and software cybercrime, the effort has to start with end user training and awareness. Your staff must be sensitized to the need to be suspicious about unsolicited and unexpected email messages, even those from a known source, which contain a link that the user is invited to click, or an attachment that the user is invited to open. Also, when dealing with mobile devices or workstations, ensure that a strong passcode is used for each device.
In addition to keeping software patches and security software for workstations and any mobile devices used by staff updated with the most current versions, assisted living companies must pay careful attention to backing up their data, and ensuring that the backup is not connected to computers that could be reached by ransomware. One technique in this regard is to use secure, cloud-based backup or physically separating the backup systems offline from the company network.
You also should be careful about residents’ access to the company’s IT systems because that is another point of vulnerability. If you make computers or other workstations available to residents as a convenience feature, they should not be directly connected to your company’s primary network.
If your organization is the victim of an attempted ransomware attack, or even if a staff member sees suspicious activity, be sure everyone is prepared to act quickly to report necessary information right away. Suspicious activity that is quickly reported and stopped will give you the best chance of minimizing the amount of data affected by the ransomware. Be sure to report to banks and law enforcement authorities any payment that is made in response to a ransomware attack. Payments made with a credit card could be blocked, and money returned, if properly reported in a timely manner.