Ransomware Attacks In The Healthcare Industry

May 28, 2020 / in Cybersecurity, IT Trends, / by Number8

Ransomware attacks have become increasingly common in recent years. Individuals involved attack healthcare systems and other installations that contain critical private information to get data that is valuable to their targets. According to recent reports, damages caused by ransomware attacks are increasing, totaling billions of dollars every year. For example, a Boardman, Ohio-based Urology practice paid thousands of dollars to hackers during a ransomware attack in order to get their data unlocked, as reported by Ciso Mag. These attacks take over established systems and only release them when the ransom is paid. Doctors and medical staff are locked out and can't access important patient files, which can place people at serious risk.

Why is Ransomware so Challenging?

Ransomware attacks are challenging because they are very difficult to prevent. Hackers constantly change and improve their strategies and many have resources at their disposal to invade poorly secured systems. The healthcare infrastructure is particularly vulnerable because it doesn't have the best cybersecurity. Ransomware attacks may happen when employees accidentally download malicious code into a hospital's systems. For example, something as simple as opening an attachment from an unknown source can create a dangerous hole in your security. Employees receive hundreds of emails every day so it is easier to miss warning signs, which enables malicious code to enter into the IT infrastructure. While firewalls and internet security systems can stop some of these attacks, they can’t fully prevent them. That’s one of the reasons why these attacks have become so common and can even happen to systems with relatively strong security measures in place. Attackers used to target small and less secure IT systems in the past but they have changed their strategy and have become bolder. It is important to take aggressive steps that will help keep these invasions at bay.

How to Secure Your Systems Against an Attack

Stopping these attacks will require strategy and a careful approach. Companies need to come up with a multifaceted response policy that involves employee training, prevention, early detection, planned response to an attack, and strategies for dealing with a locked-down system. Here are some suggestions that can help:

1. Secure Your Systems

The first step to prevent a ransomware attack is to secure the IT infrastructure as much as possible. Install internet-facing security software like antivirus, firewalls, and other such programs. They will act as the first layer of security to block most malicious codes. Make sure essential programs on all devices accessing the company’s network are up-to-date. Software developers release upgrades with protections against the latest threats regularly. Outdated software programs have more security holes than new programs.

2. Control Access

Controlling access is a very efficient way to ensure your systems are more secure. Create multiple levels of access based on an employee’s level of authority in the organization. Make sure people can’t get into sections that aren’t relevant to their responsibilities. For example, a nurse from the cardiology department has no reason to get into the oncology department’s servers. Restricting access as much as possible can help keep vital information secure. Set up privileges for different departments and different levels of employees.

3. Training

Ransomware attacks happen because of ignorance. Many employees don’t know how to detect and avoid malicious code. They unknowingly download these codes onto company servers and create a vulnerable access point. Comprehensive training and regular seminars will help keep employees alert to ensure they remain vigilant.

4. Create a Response Plan

If ransomware code is already in your system, you need to trace it and try isolating it as quickly as possible. A fast response and strong emergency procedures will help protect your information and limit damages. It will also provide IT teams a clear guideline on how to handle the threat. Just paying the ransom isn't enough and it won't make your systems safe. Ransomware gangs maintain backdoor access to their victim's infrastructure for months and may attack at any time if you don't upgrade your security. It pays to stay vigilant and ensure your security is up-to-date as possible. As an information technology company with many years of experience, we’ve helped hundreds of clients leverage technology to become more efficient and increase profits. Interested in learning more? Let’s connect. Send us an email or give us a call at 502-212-0978 and we can get the conversation started.

The Best Cybersecurity Practices for Remote Employees

While some companies are becoming more and more open to the idea of remote employees, a lot of corporate companies still have reservations. When a company opens up to the idea of remote employees, a few things happen. People who are efficient in-house workers become interested in moving their work to a home office. And corporate starts to worry about data breaches on their remote employees’ computers. A study done by the popular company Shred-It showed that over 85% of C-Level executives thought that the risk of getting company data breached was more prevalent when employees were stationed at home. And these executives aren’t worried without cause. Data breaches affected an entire third of remote workers in the United Kingdom over the last year which has put companies at risk left and right.  However, data breaches should not deter all companies from allowing workers to work remotely. The benefits of remote employees far outweigh the downfalls. When a company chooses to allow employees to work from home they not only open up brick and mortar space but also widen their search area when looking for qualified employees to hire. And there are ways to practice safe cybersecurity and prevent data breaches from affecting remote employees. This is what we’re talking about on our blog today, so follow along to learn more about the best safe cybersecurity practices for remote employees.

5 Essential Cybersecurity Practices Remote Employees Should Follow

When it comes down to it, once an employee is working remotely there isn’t much the company can do to protect their devices and data from being hacked. However, there are plenty of safe cybersecurity practices that employees can apply to their work routine to keep themselves, their equipment, and the company’s data secure.

1. Keep Track and Control Of All Devices

One of the main reasons that data breaches occur is because an employee loses their device that holds their work-related information. Across airports in the United States, a laptop is stolen every minute and the majority of those stolen objects are never reunited with their owners. As a remote employee, it is crucial to understand that hackers, and other cybercriminals, are keeping an eye out for the opportune moment to knick a laptop or tablet in hopes it has sensitive information on it. Therefore it is critical to keep track and have control over all your devices when in public. There are multiple ways to do this including:
  • Use the highest level of security to lock and unlock your devices. Touch IDs, 6-digit passcodes, and double factor authentication should be activated.
  • Enable the “Find My Device” feature, so if your computer, laptop, or phone is lost then it may be easier to find if it is lost or stolen.
  • Keep your phone, tablet, or computer with you at all times with no exceptions.

2. Be Careful Using Public WiFi

It can be tempting to take advantage of free WiFi in cafes, restaurants, book stores, and the like; however, it is not always a safe option. Public computers and WiFi connections are easily hackable and, if cracked, hackers can gain access to all files and stored credentials you accessed while on the computer. It is better to avoid public computers and password-free WiFi connections altogether, but if you absolutely must use it then be sure to remember the following:
  • Obscure the view of your screen as best as possible. In an ideal situation, you are able to have your back facing a wall and limited space to your sides.
  • Do not go to any websites that store sensitive information in regards to your job. This includes usernames, passwords, client information, etc.
  • Manually clear all documents you downloaded while using a public computer. This is so others cannot see what files you downloaded and access them, as well.
  • Make sure that the computer is not storing any of your login credentials permanently and restart the device after you are done using it to remove temporary files.

3. Setup and Use Encrypted Email

If you’re in a position that requires you to send sensitive information through email then email encryption is a must. 90% of email is sent as plain text which is not secure in any way and susceptible to spies and hackers. However, with email encryption, any information sent over email is scrambled. This way it is only able to be read when the recipient receives the email and decrypts it. If you’re working from home and it’s been approved by your employer, they should be able to install email encryption software onto your remote work technology. It will ensure that your computer, tablet, and phone are more secure and their information is safe.

4. Do Not Use USBs That Have Not Been Proven Safe

It’s not uncommon for remote employees to use USB drives. Whether they are needing something from the office or need to send something to the office, USB drives help. However, USB drives from unknown sources can contain malicious software. It’s important to remember to never insert an unverified USB into your remote work computer. This even includes USB drives that you may pick up at work-related events. Risking a security breach is not worth waiting to verify the USB or get the files another way (Dropbox, Google Drive, etc.) If you want to go further into safe cybersecurity practices, it’s also important to not let other users plug their USB drives into your computer. There is no way to know what is on their USB drives. They may or may not be aware of a malicious file. Even if you know the person, do not allow it.

5. If Any Issues Arise, Get Your Company’s IT Team Involved

If you fear that the device you use for work has been compromised, notify your company’s IT team immediately. It is so important to be aware of what a breach looks like:
  • Increasing amounts of pop-up ads and spam while you’re browsing or using programs.
  • Slowing down of the computer despite it not running a lot of programs.
  • More and more error messages when trying to perform simple tasks.
  • A change to your homepage, search engine, or browsing settings.
While the company’s IT team may not be able to save your computer, they need to know that data has been breached. This way they can take the necessary steps to further protect the company’s data and servers. It is best practice to tell your IT team everything you can about the breach. Try to remember when exactly it could have occurred, how, and why. There are a lot of benefits to companies having remote workers. However, concerns of a cybersecurity breach can deter executives from taking the leap. By being aware of ways to prevent cybersecurity breaches through common practices, workers can further prove remote work is safe. At Number8, we have offices in Louisville, Kentucky and Costa Rica where we employee remote workers. With the proper training, awareness, and precautions, we are able to employ remote workers without any trouble. To learn more about what we do at Number8, visit our About page. If you’re interested in learning more about Number8 and how we can help your business, contact us today.

GET STARTED TODAY

We’d Love To Schedule A Time To Talk.

Provide your information to talk with a number8 Relationship Manager about your development needs today and feel what it’s like to be listened to before being sold a solution.

  • This field is for validation purposes and should be left unchanged.

We’re Everywhere

number8’s onshore office is located in Louisville, Kentucky where our Account and Relationship Managers work hard to provide all of our clients with exceptional customer service. We also have consultant offices located in Escazú, Costa Rica and San Pedro Sula, Honduras that give us a strong local presence allowing for top-level recruitment, technical training and low employee turnover.

Our Locations
orange_Pin-10Feb