Posted April 04, 2017
In March 2016 alone there were 56,000 ransomware infections; $209 million was paid to criminals in the first quarter of 2016 and the average ransom demand was $679. To top that off, less than half of ransomware victims fully recover their data even with backups.
How is ransomware delivered? Email is the most prevalent way people receive ransomware. Emails with malicious links and malicious attachments account for 59 percent of ransomware infections, and according to the Osterman Research survey, users are more than twice as likely to infect their systems by clicking a link in an email than by visiting an infected website directly.
Ransomware is a type of malicious software (malware) that attempts to generate profit for attackers by encrypting a user's or company's files and demanding payment to decrypt them. Since 1989, when a PhD researcher developed a floppy disk version of ransomware that was physically mailed to hundreds of recipients throughout the world (excluding the US), ransomware has been an area of concern for IT professionals.
Ransomware encrypts a user’s data and holds it for ransom and can affect any computer device.
According to Symantec, a security software vendor, companies and organizations in general aren’t reporting the full extent of their breaches. In 2015, the firm reported a record-setting total of nine mega-breaches, and the reported number of exposed identities jumped to 429 million, from all sectors. But, also in 2015, more companies chose not to reveal the full extent of their data breaches; a conservative estimate of unreported breaches pushes the number of records lost to more than half a billion. Also reported in 2015, large businesses targeted for attack once were most likely to be targeted again at least three more times throughout the year. Businesses of all sizes are potentially vulnerable to targeted attacks. No business is without risk – even your dental practice.
You need to make sure you have a plan and are doing everything you can to protect yourself and your practice.
Five steps to protect your practice
An ounce of prevention is worth a pound of cure, as Ben Franklin once said. The same can be said here. Regarding ransomware and dental practices, prevention (along with education and awareness) is the best defense. Practices must take the necessary steps and develop strategies to protect themselves now, because there is a very good chance that an attack will occur. Below are five key ways to help build a defense-in-depth strategy against a ransomware attack.
Backing up your critical data should be as second-nature as brushing your teeth, but often those backup copies are not secured. If the backup data is on the same network (or otherwise not secured) and a ransomware attack reaches all the systems in your network, then the backups get encrypted as well. Having your backups held under ransom is as good as not having backups at all. Consider carefully whether cloud or offline storage (DVD, tapes, or other means) of backup data is appropriate for your organization.
Email filtering is common these days, but the threats are more sinister than offers of free vacations or free medications. Ransomware hackers are crafting new, zero-day (brand new) attachments and phishing hacks to get into your systems.
Email is the easiest way into your network and is commonly the least secured. We have found that services like Mimecast give robust attachment transcription (converting a Word document into a PDF, for example) and more advanced virus and phishing filtering to help protect your end users.
Keeping critical data and servers logically segmented from the computers that are used for web browsing and email keeps your critical data safe from ransomware attacks. Work with your local IT resource or vendor to put together a solid network segmentation configuration for your critical systems.
Knowing what to do (and what not to do) is critical if and when an attack happens. You'll want to have phone numbers handy and know where those secure backups are and how to get to them, so you can recover quickly and efficiently. Ensure that the plan is written down and printed out (you don't want the plan ransomed) and that it's reviewed yearly at a minimum.
At the end of the day it's not the sophistication of an attack that determines its success, it's the weakness of the end user. As programs from the SANS Institute teach us, the most important security measure is end-user training. End users need to know about:
There is a lot more information on how to protect your practice from ransomware on the internet. The ADA and U.S. Department of Justice also have information on their sites that can give you additional information. Take the time to review this information and protect yourself and your practice. The investment made today could not only prevent your patients’ health information from being illegally disseminated, but it could also save your practice a ton of headaches and money in the future.