Hospitals are under attack: Teach your staff to avoid ransomware

Baltimore's Union Memorial Hospital and several other Washington, D.C.-area hospitals run by parent organization MedStar made national headlines recently after falling victim to a ransomware attack that encrypted important patient data, paralyzed medical equipment and forced hospital staff to rely on patients for information about their medical histories.

MedStar hospitals are not alone. Methodist Hospital in Henderson, Ky. declared an "internal state of emergency" in March following a ransomware attack that encrypted digital files and caused unexpected system downtime. And in February, Hollywood Presbyterian Medical Center paid $17,000 to cybercriminals to regain access to IT systems after getting hit with ransomware.

It's a disturbing and dangerous trend. The cybercriminals responsible for spreading ransomware – malicious computer viruses designed to lock up IT systems until a hefty ransom is paid – have no mercy. And hospitals, which often choose to pay the ransom rather than put patients' health at risk, are proving to be attractive targets. More than half of U.S. hospitals have been targeted with ransomware in the last year, according to the results of a new poll conducted by Healthcare IT News and HIMSS Analytics.

It's more important than ever for hospital management teams to remain vigilant and take practical steps to educate staff on best practices for avoiding a ransomware infection. A great way to get started is to talk to staff about how to spot "phishing" emails, one of the most popular methods of spreading ransomware.

Phishing emails are designed to trick victims into clicking on a link or opening an attachment that launches a ransomware attack. They may look like legitimate messages from friends, family or companies with whom you do business. But with a little training and constant vigilance, many phishing emails can be identified as fraudulent and deleted before harm is done. Here are five questions that hospital staff should consider before clicking on a link in the text of an email or opening an attachment:

1. Does the message contain poor grammar?
Cybercriminals are not known for having great writing skills. And while it's certainly possible for a phishing email to be close to flawless, many include misspelled words and turns of phrase that don't quite make sense. Be on the lookout for bad spelling and poor use of language, and if it doesn't feel right, delete the email right away.

2. Does the URL match the company name?
Phishing emails may appear to come from a legitimate business that wants you to click on a link that leads back to a page on their website. But by hovering your cursor over the link without clicking, you can see where the URL actually leads. If the URL does not include the exact name of the company in question – or if it looks suspicious in any other way – do not click under any circumstances.
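One way to turn the hover-and-check habit into something a help desk or mail filter can run, as an added example that is not from the article (the sample message, the company domain examplemed.com and the function names are constructed for illustration): it compares each link's actual host against the company's real domain rather than just looking for the company name somewhere in the URL, and flags the tricks that put a familiar name in front of an unrelated host.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample of an email body; the URLs and the sender's supposed
# company domain are assumptions made for this example.
SAMPLE_HTML = """
<p>Your invoice is ready. <a href="https://billing.examplemed.com/inv/42">View invoice</a></p>
<p>Or <a href="http://examplemed.com.secure-login.example.net/login">log in here</a></p>
<p>Update records: <a href="https://examplemed.com@198.51.100.7/update">examplemed.com</a></p>
"""

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def extract_links(html):
    """Return (href, visible text) pairs from simple HTML anchors."""
    return [(href, re.sub(r"<[^>]+>", "", text).strip())
            for href, text in ANCHOR_RE.findall(html)]


def check_link(href, expected_domain):
    """Return reasons the link target looks wrong for the company that owns
    expected_domain; an empty list means the host is that domain or a subdomain."""
    reasons = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower().rstrip(".")
    if parsed.scheme not in ("http", "https"):
        reasons.append("unexpected scheme %r" % parsed.scheme)
    if parsed.username is not None:
        # "company.com@other.example": the real host is what follows the @ sign
        reasons.append("credentials in URL hide the real host %r" % host)
    try:
        ipaddress.ip_address(host)
        reasons.append("link points at a bare IP address")
    except ValueError:
        pass  # a normal hostname, not an IP literal
    expected = expected_domain.lower()
    # The company name appearing inside the host is not enough: only an exact
    # match or a true subdomain of the real domain counts.
    if not (host == expected or host.endswith("." + expected)):
        reasons.append("host %r is not %s or a subdomain of it" % (host, expected))
    return reasons


def review_email(html, expected_domain):
    """Map each link's visible text to the findings for its real target."""
    return {text: check_link(href, expected_domain)
            for href, text in extract_links(html)}
```

Running review_email(SAMPLE_HTML, "examplemed.com") passes only the first link; the second carries the company name inside a host on another domain, and the third hides an IP address behind a fake username.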

3. Is the branding correct?
The creators of phishing emails that are supposed to be from legitimate businesses often use outdated or incorrect logos, color schemes and advertising slogans. Before clicking on any link in the email, go to the website of the business in question and compare. If the email is off brand, delete it without thinking twice.

4. Were you expecting the email?
If you get an unexpected email from a business, an individual or a government agency that wants you to take an action such as clicking on a link, opening an attachment or giving up some kind of personal information, there's a good chance that it's a fake.

5. How does the email make me feel?
That may sound a bit corny, but it's definitely a good idea to trust your instincts. If it doesn't look right or gives you an uneasy feeling, simply delete it and move on to your next task.

Additional ways to protect your hospital from ransomware
Keep in mind that phishing email isn't the only tactic used by cybercriminals to spread ransomware. Another method that's growing in popularity involves hacking into the hospital's network by exploiting known security holes in operating systems and applications. Once inside the network, the cybercriminals are free to unleash ransomware as they see fit. That's why it's absolutely critical to keep software up to date and always install the latest security patches.

Firewall protection and antivirus software are also necessary components of a ransomware-prevention strategy, but they are far from foolproof. Cybercriminals have figured out how to circumvent even the best antivirus and security tools. That's why it's also necessary to plan for the worst and formulate a strategy to recover from a ransomware attack as quickly as possible.

The best way to recover quickly is to take the initiative and implement a high-quality backup system with versioning capabilities before you're attacked. That way, if your hospital's network falls victim to ransomware, you can delete the infected files, remove the ransomware and restore clean versions from backup. Remember: With a high-quality backup system in place, there's no need to pay the ransom.

The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.
