Although it might seem unlikely that an international cybercrime outfit would target medical practices, it is a reality of the times we live in. According to Kevin McCarthy, Technical Lead Network & Security at Altron HealthTech, cyberattacks are happening all around us. “Outdated technology is not enough to stop them.”
The starting point in the quest to protect your practice information is to fully understand what a cyberattack is and how it can be prevented. “Most people don’t know they have been hacked until it is too late. Practices should therefore have proper data backup and restoration procedures in place to limit data losses,” says McCarthy.
A cyberattack is an attempt by hackers, or any other unauthorised entity, to gain access to secured infrastructures and devices. Their goal is to compromise, alter or steal the private information of individuals or organisations. A ransomware attack is a type of cyberattack where malicious code is installed on devices or systems. The code, or software, prevents you from accessing your own information or data – unless you pay a ransom, usually in untraceable crypto currency.
Ransomware can infect your system in multiple ways. According to McCarthy, the most common is phishing emails that get you to click on a link or open an attachment, believing the message is from a trusted source. “Infected websites, malicious software, downloading infected files or plugging in corrupted flash drives can also lead to ransomware holding your practice hostage,” he says.
If your business falls victim to ransomware, the first step is to contact your IT expert to identify and remove the software from infected devices. Once this is done, your device may be restored completely from a good backup system, hopefully resulting in minimal data loss. “Security experts around the world agree that you should not pay the ransom as there is no guarantee you will get your files back, and payment just fuels more attacks,” says McCarthy. “The good news is that there are a number of ways to safeguard your medical practice against a ransomware attack,” says McCarthy. These include:
- Make sure that you use reputable anti-virus products on all your devices, with automated anti-virus updates and regular scanning.
- Implement content scanning and filtering on email servers. Inbound scanning should be done for known threats, and attachments that could pose a threat.
- Be cautious about all communication you receive, and do not click on links and attachments in suspicious emails.
- Do not enter personal information into suspicious portals.
- Limit the amount of personal information you divulge in the internet.