Help Me With HIPAA by David Sims Preventing Ransomware

Preventing Ransomware

Today we are discussing ransomware. We have already talked about this in a previous episode, but now we are going to talk more specifically about tips, tricks, hacks, and options for preventing ransomware. An ounce of prevention is worth more than several tons of cure, especially when it comes to this kind of malware. You would much rather spend your time and money on prevention so that you are prepared when a ransomware attack comes, rather than spending it recovering lost records or paying criminals. If ransomware isn't on your risk analysis, you should re-think your risk analysis. If it is on there, it should be classified as high risk. A recent article predicted that 2016 would be the year of ransomware, and so far it seems they were correct.

Ransomware is much different from the viruses and malware of the "old days". Ransomware is a form of malware that usually arrives by email, or through something someone in the organization let in, such as an attachment or a link. It encrypts (or otherwise locks) the files you depend on, and it will do the same to any network shares or attached drives it can reach from that machine. Then a message pops up on your screen that basically says you have to pay a certain amount of money, typically in Bitcoin or a similar currency, to get your data back. So you can either pay the ransom and possibly get your information back, or not pay the ransom and fall back on your backups and recovery plan. The reason we say "possibly get your information back" is that we have seen cases where people pay and get their data back, but we have also seen cases where they pay and the criminals still don't return it.

What do you do about ransomware?

Doing nothing makes you much more likely to have a huge problem. 8 hospitals have already been hit with ransomware this year. April itself had a record number of cases reported to the FBI, and it shows no signs of slowing down because it is so lucrative. Ransomware attacks do NOT just affect hospitals; they hit small practices, business associates (BAs), even photography shops, as David mentions. When a business loses a large amount of data or has a large breach, it frequently doesn't survive: it ends up closing or selling off what it can salvage of the operation.

The best defense against ransomware, and any potential breach, is training and vigilance within your organization. More often than not, people say they don't need training, and when they do train, it is usually only on HIPAA compliance and not on security. This is not good, because the ransomware epidemic is only going to get worse. For example, Microsoft has reported ransomware with worm-like behavior, meaning it doesn't only hit the computer it is opened on; it spreads itself to other machines and drives it can reach.

Is Ransomware a PHI breach?

Encrypting data in place does not, by itself, copy it anywhere, so there is no obvious exfiltration. Because of this there is a large debate about whether ransomware is a PHI breach. However, if you can't get to your information, are you really in control of it? And can you be certain the attackers didn't leave something behind so they can get back into your systems later? A breach is about data that could have been accessed or disclosed without permission, but we haven't seen any official guidance yet on how to classify ransomware.

Traditional, signature-based malware protection does not necessarily protect you from ransomware, because new variants appear faster than signatures are written. However, the anti-malware companies are beginning to modify their products and produce new ones that help with preventing ransomware, for example by watching for the behavior of mass file encryption rather than for a known file signature.

If you don't understand ransomware, how can you train your employees on preventing it and on remaining vigilant when using their systems? I'll say it again: the best protection is constant training and vigilance from your staff. Do not ignore the problem. Take steps to prevent it, and then have a plan to recover if the prevention tactics don't work.

3 Easy Steps To Help Prevent Ransomware

  • Install at least the free version of CryptoPrevent.
  • Train your employees regularly and build awareness for everyone.
  • Back up your information! Keep at least one copy somewhere the infected machine can't write to (offline, or a versioned backup rather than a plain sync), because ransomware will happily encrypt a backup drive it can reach. Be sure you periodically review your backups, and actually test a restore, to make sure the information is being backed up wholly.