What exactly is ransomware, and how big of a threat is it to your dental practice?
With the recent news of what many consider to be the largest ransomware attack in the history of the planet, I think it’s important to understand more about this issue and how to deal with it.
These are the questions I get every day and my response to them:
What exactly is ransomware?
Ransomware is pretty much exactly what the name implies. It is a class of malware that, once it gets onto your computers, encrypts your critical files and demands that a “ransom” be paid in exchange for the decryption key. The ransom can range from as little as $200 to $300 to many thousands of dollars; it is often scaled to the size of the business being attacked and its ability to pay. As long as the files are encrypted, you are effectively locked out of all of them, and most variants also encrypt whatever mapped network drives and shared folders the infected computer can reach, which in a dental office usually means the server that holds your practice-management data.
How does my system get infected with ransomware?
There are many ways that your system can be infected. The most common is when you or a staff member opens a malicious email, either an attachment that carries the ransomware or a link that leads to it. Some malicious websites can infect a system just by being visited, using an unpatched browser or plug-in to install the malware without any click. The most recent outbreak, WannaCry, needed no user action at all: it spread from computer to computer over the network through a flaw in the Windows file-sharing service (SMBv1) that Microsoft had already fixed in March 2017 with update MS17-010, two months before the attack, so systems that were current on patches were not vulnerable to that spread.
Is this a big deal for dental offices?
In a word, YES! Set aside for a moment that having your files locked would disrupt your day (or days) completely. According to guidance issued by the Office for Civil Rights on July 12, 2016, a ransomware infection that encrypts protected health information is presumed to be a breach unless you can show, through a documented risk assessment, that there is a low probability the information was compromised. If it is a breach, the Breach Notification Rule is quite clear: you would have to notify all affected patients in writing, and if 500 or more patients are affected, also notify prominent local news media and report it to Health and Human Services, which lists the practice on its public breach portal, widely known as the “Wall of Shame.” It would be devastating for any practice to have to do this.
Can I protect myself against ransomware?
Yes, absolutely. Good anti-malware is a must. I have always been a fan of ESET products, but I would also suggest investing in ransomware-specific products like CryptoPrevent or HitmanPro.Alert, which add behavior-based protection on top of ordinary signature scanning. You should also keep your systems updated on a regular basis: the operating system, browsers, Office, PDF readers, and your practice-management software. This is called “patch management,” and it is part of the risk management the HIPAA Security Rule requires. Finally, take time to educate yourself and your staff to recognize malicious emails and websites and learn what to avoid: unexpected attachments, links whose visible text does not match where they actually go, and urgent demands for payment or login details.
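As an added illustration, and not code from the original article, here is a small Python triage script that applies the email warnings above mechanically: it parses a raw message and flags attachment types that run code or macros when opened, double extensions such as “.pdf.js” that Windows shows as a harmless “.pdf,” and links whose visible text names a different site than the one they really point to. The sample “overdue invoice” message, its addresses, host names and file names are all constructed for the demonstration, and the extension lists are an assumption about what is risky rather than an exhaustive rule.

```python
"""Flag the e-mail traits that most often deliver ransomware.

Added example for this article, not the author's own tooling.  The
message built in build_sample() is constructed for the demonstration;
every address, host and file name in it is made up.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumed list of extensions that run code or macros when double-clicked.
RISKY_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs",
             "vbe", "wsf", "hta", "ps1", "jar", "lnk", "docm", "xlsm", "pptm"}
# Archives can hide any of the above from a simple file-name check.
ARCHIVE_EXT = {"zip", "rar", "7z", "iso", "img"}
# Harmless-looking extensions that attackers put in front of the real one.
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

HREF_RE = re.compile(r'<a\s[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")
SHOWN_HOST_RE = re.compile(r"https?://([^/\s]+)", re.I)


def attachment_findings(msg):
    """Report attachments whose file name alone marks them as dangerous."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        pieces = name.lower().split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXT:
            if len(pieces) > 2 and pieces[-2] in DECOY_EXT:
                # Windows hides the final extension by default, so staff see "Invoice.pdf".
                findings.append(f"attachment '{name}': double extension, opens as .{ext} not .{pieces[-2]}")
            else:
                findings.append(f"attachment '{name}': runs code or macros when opened (.{ext})")
        elif ext in ARCHIVE_EXT:
            findings.append(f"attachment '{name}': archive, contents not inspected here")
    return findings


def link_findings(msg):
    """Report links whose visible URL names a different host than the real target."""
    findings = []
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return findings
    for href, inner in HREF_RE.findall(body.get_content()):
        shown = TAG_RE.sub("", inner).strip()
        real_host = (urlparse(href).hostname or "").lower()
        m = SHOWN_HOST_RE.search(shown)
        if m and m.group(1).lower() != real_host:
            findings.append(f"link shows {m.group(1)} but goes to {real_host}")
    return findings


def triage(raw):
    """Parse a raw RFC 5322 message (bytes) and return every finding as a string."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return attachment_findings(msg) + link_findings(msg)


def build_sample():
    """Construct a typical 'overdue invoice' lure (made-up data) for the demonstration."""
    m = EmailMessage()
    m["From"] = "Billing <billing@supplier-invoices.example>"
    m["To"] = "frontdesk@practice.example"
    m["Subject"] = "Overdue invoice 4471"
    m.set_content("Please review the attached invoice.")
    m.add_alternative(
        '<p>Review it online at <a href="http://198.51.100.23/inv">'
        'https://portal.supplier.example/invoice/4471</a></p>', subtype="html")
    m.add_attachment(b"var x = 1;", maintype="application", subtype="javascript",
                     filename="Invoice_4471.pdf.js")
    # A genuine-looking PDF alongside it; this one must not be flagged.
    m.add_attachment(b"%PDF-1.4 ...", maintype="application", subtype="pdf",
                     filename="Statement.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    for line in triage(build_sample()):
        print("WARNING:", line)
```

Run against the constructed sample it reports two warnings, one for the disguised .js attachment and one for the link that shows a supplier portal but points at a bare IP address, and nothing for the clean PDF. A file-name check like this cannot see inside archives or detect macros in a legitimately named .docx, which is exactly why it belongs alongside anti-malware and staff training rather than in place of them.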
Should I pay the ransom if I get infected?
This is a tough question to answer. The offices we support all have encrypted backups, and in most cases we can restore from a backup; I have yet to see a ransomware virus infect an encrypted backup (not saying it can’t happen, just that I haven’t seen it). Of course, the virus has to be removed from every machine on your network before you restore, or the restored files will simply be encrypted again.
What if you don’t have a good backup? Your options are far more limited in that case. In the vast majority of instances, paying the ransom will get you the decryption key; the criminals that do this realize that if they didn’t provide the keys, people would eventually stop paying. But we have seen a few cases where the money was paid and no key was provided. Even when a key does arrive, it does nothing to remove the malware or close the hole it came in through, so the cleanup still has to be done.
Also, be aware that you can’t send these people a check or pay with a credit card. They will require a digital currency such as Bitcoin. Bitcoin is not truly anonymous (every transaction is recorded in a public ledger), but the addresses are not tied to a name, which makes a payment very difficult to trace back to a specific person.
So, what should I do at this point?
Review the security systems you have in place. HIPAA requires you to do a formal Risk Assessment and develop a Risk Management Plan; there’s no time like the present to start. Evaluate your firewalls, anti-malware software, and backup and disaster recovery systems, as well as your process for patching software. Make sure at least one copy of your backups is kept offline or somewhere an infected workstation cannot write to, and actually test a restore rather than assuming it will work. Protect yourself now, before it’s too late!