<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=1043001&amp;fmt=gif">

Close

Get a Demo
Stephen O'Connor

By: Stephen O'Connor on October 4th, 2016

Print/Save as PDF

How to Protect Your Practice from Ransomware Attacks

Healthcare Advice

As a healthcare professional, you’re charged with not just protecting the health of your patients but also with safeguarding their private, sensitive information.

With the advent of modern networking and inexpensive data storage solutions, it’s never been easier to gather, collect, and analyze large amounts of information on patients. At the same time, the conveniences of computing and constant interconnectedness encourage criminals to penetrate systems in search of valuable data. A ransomware attack infects your system, holding the data hostage until you meet the criminal’s demand for a payment.

Establish Rigorous Backup Protocols

If you don’t back up your data on a regular basis now, you must start immediately. Having a fairly recent backup of patient data will let you say, “No thanks,” to criminals who want money before releasing your data in a ransomware attack. Your IT team can wipe the system clean and reinstall the information from the latest backup.

It’s prudent to consider using a cloud-computing based solution for backups as well, since your information will be stored in multiple redundant data servers in different geographical locations (to protect against data loss in a local natural disaster, for example).


A cloud-based EHR & Practice Management system is great for keeping your information backed up, but is this solution right for you?

Find Out


Update Your Software with the Latest Version

Your electronic health record and practice management software (and other systems) should always be updated to the latest version in order to benefit from the developers’ ongoing security fixes.

Criminal hackers constantly probe for bugs in computer systems and work to exploit them before the developers and end users discover them.

Set up a Firewall and Other Security Measures

As a matter of course, you should have the latest version of your firewall established to keep out bad traffic and avoid letting malware and viruses make it into your system. Remind employees to not write down their password where it can be found near their computer and have them change passwords on a regular basis for added protection.

Forbid Emails with Executable Files

An official-looking email arrives in one of your employee’s inboxes and he or she clicks on it, only to be dismayed when it turns out to be virus that takes over the computer. Filter your emails to keep these executable files away from your team.

When legitimate files must be transferred within your organization, follow rigid protocols, such as encrypted files and folders to protect them as you copy them over a network.

See Files Clearly by Disabling Hidden Extensions

People who leave their computers set in the default mode of hiding file extensions can unwittingly click on malware, such as an EXE file being disguised by naming it “filename.PDF.EXE.”

Clicking what appears to be a normal document winds up activating malware that locks up the system and holds the data hostage until you meet the ransomware payment demands. Disable this option so all employees can see the full name of each file they are considering opening.

With so many reports of hospitals and medical clinics seeing their patient data being held hostage by ransomware attacks, you don’t want to add yours to the list. Following basic computer safety protocols will help you avoid being another statistic. What’s at stake is your reputation and even the long-term success of your organization.

Key Takeaway

  • Medical practices and hospitals that are complacent about computer security are ripe for attacks from determined cybercriminals.
  • If your organization finds its data under the control of criminals through a ransomware attack, your stakeholders may opt to pay the criminals off and hope to recover the data, with no guarantee of success.
  • Audit your security protocols and update all software in use at your facility as soon as possible.
  • Set up a firewall and anti-malware software to protect your system.
  • Train your end users about protecting their passwords and warn them to avoid clicking on mysterious files that appear in their inbox.

MedicsCloud

About Stephen O'Connor

As a Director of Digital Marketing at Advanced Data Systems Corporation, Stephen spends his day's planning, writing, & designing resources for the modern healthcare professional. He has a strong affinity for snow crab legs, the ocean, and Rutgers Football.