Ransomware: Part 1 -- The threat and your practice

2016 10 13 14 09 55 998 Godfrey Steve 400

Ransomware is a type of malicious software (malware) that attempts to generate profit for attackers by encrypting a user or company's files and demanding payment to decrypt them. Ransomware is typically spread through email by tricking a user into opening a malicious attachment or clicking a link to a malicious website.

Since 1989, when a doctoral researcher developed a floppy disk version of ransomware that was physically mailed to hundreds of recipients throughout the world, excluding the U.S., ransomware has been an area of concern for IT professionals. Today -- especially in the healthcare sector -- ransomware has been making headlines and is an important, growing security concern for dental practices.

Steve Godfrey is the chief information officer for NEA.Steve Godfrey is the chief information officer for NEA.

According to a report published by the American Dental Association, ransomware -- a rapidly growing form of cyberattack -- is a type of malicious software that encrypts a user's data and holds it for ransom, and it can affect any computer device. Most ransomware infects systems through spam, phishing messages, websites, and email attachments, according to the U.S. Department of Health and Human Services Office of Civil Rights (OCR) as cited in the ADA report.

In fact, in March 2016, a dentist in Alpharetta, GA, reported that someone in his office opened an email thought to be from a former contact, and a ransomware virus immediately took hold.

"We knew something happened almost in seconds," said Darrell Morton, DMD, in an article on the WSB-TV website. "The computer that the virus attacked first just immediately started to slow down."

Morton said he then noticed a pop-up message saying if he wanted to retrieve the now-encrypted files, he'd have to pay up. Luckily, all of his practice's patient records were stored on an offsite cloud, so personal information was not compromised. He didn't pay the ransom and instead had his computer vendors fix the problem, but the incident has made everyone in his practice more aware.

According to security software vendor Symantec, companies and organizations in general aren't reporting the full extent of their breaches. In 2015, the firm reported a record-setting total of nine megabreaches, and the reported number of exposed identities jumped to 429 million, from all sectors. But, also in 2015, more companies chose not to reveal the full extent of their data breaches; a conservative estimate of unreported breaches pushes the number of records lost to more than half a billion. Spear-phishing campaigns targeting employees increased 55% in 2015, according to data from Symantec. No business is without risk.

You need to make sure you have a plan and are doing everything you can to protect yourself and your practice.

Ransomware's impact

Once infected, the ransomware may begin immediately encrypting files or may lie dormant until directed into action by the attacker. The ransomware will encrypt any local document files and any documents it finds on attached network drives or network shares. It may attempt to spread itself through the victim's email or by exploiting other computers on the local network.

“You need to make sure you have a plan and are doing everything you can to protect yourself and your practice.”

Once the encryption is complete, the ransomware will display a message demanding payment, typically within 48 to 72 hours, and directing the user on how to pay. In most cases the ransomware will require payment via a digital currency that's difficult to trace, such as bitcoin. Most variants have detailed instructions to help the user make payment and even provide instant customer service via message systems built into the software. To date, few ransomware variants have been cracked. In almost every case, the only method for retrieving the files is to pay the ransom.

A successful ransomware attack impacts the day-to-day concerns of a dental practice, such as providing continued patient care and billing for services, but dental providers need to also understand and plan for the potential regulatory impact. The OCR released a fact sheet specifically addressing the HIPAA requirements implicated by a successful ransomware attack.

The fact sheet clearly states that a ransomware attack is considered a security incident under the HIPAA security rule, requiring the initiation of security incident response and reporting protocols. Additionally, the specific facts of the actual attack may also implicate a breach, triggering patient, state, and federal notification requirements.

At a minimum, affected dental providers will be required to allocate resources to investigate the scope and source of the incident, document their investigation and its results, and implement new protections, policies, and procedures to shield against future attacks. The FBI encourages all victims of ransomware attacks to notify their local FBI office or through the bureau's Internet Crime Complaint Center.

The second part of this series will offer five tips for practices to protect against a ransomware attack.

Steve Godfrey is the chief information officer for NEA Powered by Vyne, where he leads the security and compliance team.

The comments and observations expressed herein do not necessarily reflect the opinions of DrBicuspid.com, nor should they be construed as an endorsement or admonishment of any particular idea, vendor, or organization.

Page 1 of 520
Next Page