Understanding cybersecurity is critical in healthcare. According to Becker’s Health IT, the Emergency Care Research Institute (non-profit research group) ranked Ransomware as the No. 1 health technology hazard for 2018 – it even beat out infections caused by endoscopes and infected body fluids on mattresses!
Also, the results of an AT&T survey** of 700 IT management professionals stated that IT’s top concern is:
1. Respondents ranked malware, worms and viruses (60 percent) as the No. 1 threat to their organization in the year ahead, followed by unauthorized access to corporate data (49 percent) and ransomware (46 percent).
However, in the healthcare sector, 70 percent of respondents identified Ransomware as the No. 1 threat to their organization in the year ahead.
This information got me wondering about the difference between ransomware and malware, viruses, worms, trojans, etc., because healthcare IT is most concerned with Ransomware. Here are my findings:
Malware is the abbreviation for “malicious software”. Malware is designed to damage a computer system without the consent of its user. It is a broad term that covers viruses, worms, trojan horses, rootkits, spyware and adware. Malware ranges in degrees from simple adware to extremely dangerous and malicious Ransomware.
Ransomware is one of the newest and worst of all the types of malware. Ransomware tends to come in through email as a harmless link but once link is followed it quickly takes over and locks you out of a single computer or the entire server and every computer in an organization. Files are held ransom through encryption, and victims can only obtain the decryption key by completing a financial transfer. Payment does not mean you will receive your data. Some Ransomware criminals may take the money and run, leaving you with your years of data completely inaccessible.
Healthcare IT News gives this advice for healthcare organizations to prevent impact from Ransomware:
- Backup your data
- Keep a ‘gold image’ – by backing up systems and configurations
- Plan for when systems get hijacked -list systems that would put you in hot water if impacted
- Work with well-equipped cybersecurity vendors– need for internal and also external experts
- Don’t forget to test plans you must test your security plans before you rely on them
- User Education – all it takes is one uneducated system user…
According to Norton (division of Symantec focused on security), most of the Ransomware attacks that have taken place in the past have been due to poor protection practices by employees. Following are a few of Norton’s dos and dont’s in case of an attack and to prevent an attack:
- Do not pay the ransom.
- Restore any impacted files from a known good backup
- Do not provide personal information when answering an email, call, text or instant messages.
- Use reputable antivirus software and a firewall.
- Do employ content scanning and filtering on your mail servers.
- Do make sure that all systems and software are up-to-date with relevant patches.
- If traveling alert your IT department if you’re going to be using public wireless Internet.
**The full report is at att.com/cybersecurity-insights