Ransomware - Is Your Practice at Risk?

Written by Heather Siler

Resembling something out of a Hollywood blockbuster, ransomware is a very real threat to any business, hospital, practice, police department, or any organization that uses a computer to manage files and information. Ransomware is a type of malware that “prevents or limits users from accessing their system, either by locking the system’s screen or by locking the user's files unless a ransom is paid.”

Ransomware isn’t going anywhere anytime soon either. In March 2016, there were 56,000 ransomware incidents, and $209 million was paid to the criminals committing these crimes in the first quarter of 2016. Furthermore, fewer than half of the victims completely recover their data, even with secure backups.

Ransomware is delivered by email with malicious attachments or links around 59% of the time. Clicking on a link in an email is far more dangerous than clicking a link on a website. The venomous software generates profit for attackers by encrypting a user’s or company’s files and demanding payment (ransom) to decrypt the affected files. These vicious applications can affect any computer, and the data breaches often go unreported or underreported.

What can you do to protect your practice from this type of disaster?

  • Maintain secure backups - Data backups must be secured and shouldn’t be on the main network, or they are also subject to encryption by the attackers. Offline storage or cloud-based services are great choices for keeping backups from being affected.
  • Advanced email scanning - Email is the simplest way for hackers to obtain access because emails are the least secure. Choose a service that provides substantial attachment transcription to protect yourself from viruses, phishing, and malware attacks.
  • Network segmentation - Computers that hold critical data should be separate from computers used for web browsing and personal email. It’s imperative that employees understand that the critical information computers are for business use only: no surfing the web or checking personal emails on these computers.
  • Response plan - If a cyber attack does occur, knowing what to do and what not to do is crucial. Having a plan that includes information on who to call and where your secure backups are located is prudent. This plan should be kept in a secure place and reviewed yearly to help you recover quickly in the event of an attack.
  • Team training - You and your team must be trained in this new age of cyber attacks. Only open email attachments that have been screened by a third-party filter. Never click hyperlinks (URLs) contained in emails. Employees or authorized users are the only people who should have access to your office computers.

The American Dental Association and the U.S. Department of Justice have additional information, and it’s prudent to review this information and be prepared in case your office is targeted.