By now you probably know about the massive ransomware attack known as WannaCry. What you may not know is that WannaCry is just the latest in a series of increasingly harmful and costly attacks. In 2016, organizations lost an estimated $1 billion from ransomware attacks, and experts expect those attacks will continue to increase throughout 2017. Many healthcare organizations are particularly vulnerable to ransomware. So, what can you do to protect your organization from this concerning trend?
First, it may be helpful to review what ransomware is for those who aren’t completely familiar with the concept. Ransomware is much like the name suggests – it refers to a type of malware that hackers install and then activate to block access to system data until the owner pays a ransom to unlock the data. Advanced ransomware techniques often use encryption to prevent users from accessing data. Cyberattacks involving ransomware have grown more sophisticated over time as hackers have improved techniques for targeting and encrypting system data. Some hackers are even selling ransomware tools online that are usable by individuals with few technical skills.
This is concerning for healthcare organizations, as the healthcare industry has proven to be more vulnerable to cyberattacks than any other industry. A study of 2016 ransomware attacks showed 88% of successful attacks were against the healthcare industry. Several factors contribute to this, such as the willingness of healthcare organizations to pay for the recovery of their data. Healthcare organizations also tend to have fewer cybersecurity protections in place compared to other industries, due in part to smaller technology budgets and limited cybersecurity expertise among staff. Given the increasing threat of ransomware attacks, it is important for healthcare organizations to secure their digital assets.
Fortunately, there are many things healthcare organizations can do to avoid becoming victims of a ransomware attack. One best practice is to keep the software for all systems and devices updated by installing the latest patches as soon as they become available. If you have devices that are no longer receiving support from their vendors, consider alternative methods for securing those devices from cyberattacks. Another best practice is to train your staff on using proper cyber hygiene to prevent cyberattacks. Many successful cyberattacks occur because of poor employee cyber hygiene, such as clicking on suspicious links or opening email attachments from unknown senders. By maintaining cybersecurity best practices, you can do a lot to help keep your organization safe from ransomware.