Ransomware Tops LightPoint Security Concerns for Medical Practices

Our practices hold a treasure trove of data for hackers and cyber criminals.  The past few years have seen cyber criminals tactics change from attempting to steal medical records, to be resold on the black market, to utilizing ransomware to encrypt records and demand payment for decryption “services”.   

LightPoint predicts this change in tactics will present the greatest threat to small and mid-sized practices.  Where organized hacking groups typically targeted larger healthcare organizations and payers - they held the most records - ransomware can be inexpensively deployed against large group of targets and is often effective against smaller organizations which may lack adequate backup mechanisms and training programs.

Typically, ransomware enters a practice’s network by tricking a user into opening an infected attachment and sets about encrypting data on drives which can be accessed by the unfortunate user’s computer.  Once all accessible data has been encrypted, the user is prompted for payment, usually in bitcoin.

If the practice has an up to date and complete backup, recovering from the infection is inconvenient but straightforward.   If backups are not available there are several options for recovering data: pay the ransom, see if decryption codes are available online, try to rebuild the data, or go without the data.  The last two options are seldom acceptable alternatives.

Thankfully, ransomware infections can be prevented or mitigated with awareness training, modern firewalls, and file monitoring.  When employed together these tools decrease the frequency and severity of ransomware infections and when coupled with a reliable backup greatly reduce the threat posed by ransomware.