Ransomware: Questions and Answers

vchalup / stock.adobe.com

Unless you’ve been living under a rock or on a remote island, you know that ransomware has become part of everyday life on this planet. Not a day goes by that there isn’t news of some major company or organization that has been a victim of an attack. With so much discussion about ransomware, we really should take a step back to understand what it is and why it matters.

What Exactly is Ransomware?

Ransomware is pretty much exactly what the name implies. It is a class of malware (viruses) that, once it attacks your computers, can lock your critical files and demand that a “ransom” be paid in order to receive the unlock key. The ransom can range from a few thousand to many millions of dollars; it’s often related to the size of the business being attacked and its ability to pay the ransom. As long as the files are locked, you are pretty much prevented from accessing any of them without a decryption key.

How Does My System Get Infected with Ransomware?

There are many ways your system can be infected. The most common is when you or a staff member clicks on an email that contains the ransomware virus. The email can be a link or an attachment. Some malicious websites have ransomware that can infect your systems just by visiting the site. Many other viruses are able to spread because of vulnerabilities in the Windows operating system.

Is this a Big Deal for Dental Offices?

In a word, yes! Forget for a moment that having your files locked would disrupt your day (or days) completely. According to a memo from the Office for Civil Rights from July 12, 2016, if you are hit with a ransomware virus, you must declare a breach. The Breach Notification Rule is quite clear: You have to notify all your patients in writing, notify the local news media, and have your practice listed on the Department of Health and Human Services Wall of Shame website. It would be devastating for any practice to have to do this.

Can I Protect Myself Against Ransomware?

Yes, absolutely. Good antimalware software is a must, but I would also suggest investing in ransomware-specific products like Intercept-X or HitmanPro. A newer technology, application whitelisting, prevents any unapproved software from running. You should have your systems updated on a regular basis; this is called patch management and is required by the Health Insurance Portability and Accountability Act (HIPAA). You also need to take time to educate yourself and your staff to recognize malicious emails and websites and learn what to avoid.

Should I Pay the Ransom if I Get Infected?

This is a tough question to answer. The offices we support all have encrypted backups, and in most cases, we can restore from a backup. Of course, steps would need to be taken to remove the virus from your network before doing this.

What if you don’t have a good backup? Well, your options are more limited in that case. In the vast majority of instances, paying the ransom will get you the unlock key. The criminals who do this realize that if they didn’t provide the keys, people would eventually stop paying. But we have seen a few cases where the money was paid and no key was provided or, if it was, it didn’t work to restore all the files.

Also be aware that you can’t send these people a check or pay with a credit card. They will require that you use a digital currency like Bitcoin, which is anonymous and difficult to trace back to an individual owner.

What Should I Do at this Point?

Review your security systems in place. HIPAA demands that you do a formal risk assessment and develop a management plan, and there’s no time like the present to start. Evaluate your firewalls, antimalware software, backup, and disaster recovery systems in place, as well as your system for patching your software. Protect yourself now before it’s too late!