With Ransomware on the Rise, What Can You Do to Protect Yourself From a Ransomware Attack?

06/20/2016 - 3 minutes read

The recent attacks on hospitals across the world, in which hackers obtained the information of hundreds of thousands of patients, emphasize the scale of the issue. Ransomware attacks on healthcare keep rising and arrive mainly through phishing email, and the reason is that the importance of cybersecurity measures is underestimated in the healthcare industry.

In the Wyoming Medical Centre cyber-attack, carried out through an email scam, the damage involved exposure of the sensitive information of nearly 3,300 patients. The attack used a legitimate-looking phishing email to which staff responded, giving the hackers access to the hospital network and enabling them to obtain patients' personal information such as names, contact details, health insurance details, social security numbers and other sensitive data that may cause harm if it lands in the wrong hands.

Based on the scenarios of recent attacks on healthcare establishments, the InfoSec industry generally suggests several crucial tips to keep a corporate email network from becoming a victim of a phishing scam:

  1. If you receive an Excel or other file instructing you to enable options such as macros in order to view the so-called “important information”, do not do it.
  2. NEVER provide your password to anyone via email.
  3. If you are a healthcare establishment, use only a HIPAA-compliant email service (ShazzleMD is one of them and provides an easy solution: no password required, and it works like any other email).

Be suspicious of any email that:

  1. Requests personal information.
  2. Contains spelling and grammatical errors.
  3. Asks you to click on a link.
  4. Is unexpected or from a company or organization with whom you do not have a relationship.

If you are suspicious of an email:

  1. Do not click on the links provided in the email.
  2. Do not open any attachments in the email.
  3. Do not provide personal information or financial data.
  4. Do forward the email to the HHS Computer Security Incident Response Center (CSIRC) at csirc@hhs.gov and then delete it from your Inbox.
  5. Although HHS’ CSIRC undoubtedly does not want a barrage of emails from non-government entity staff reporting potential phishing attacks, a covered entity or business associate should articulate a similar process for staff to follow when a suspicious email is identified.

Also be suspicious of any email that:

  1. Includes multiple other recipients in the “to” or “cc” fields.
  2. Displays a suspicious “from” address, such as a foreign URL for a U.S. company or a Gmail or other “disposable” address for a business sender. However, even when the sender’s address looks legitimate, it can still be “spoofed” or falsified by a malicious sender.
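
Several of the warning signs in the lists above can be checked automatically before a message reaches staff. The following Python sketch is an added example, not part of the original article: the free-mail domain list, file extensions, keyword pattern, recipient threshold and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

# Illustrative values chosen for this sketch, not taken from the article.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
MACRO_EXT = (".xlsm", ".docm", ".pptm", ".xls", ".doc")
PII_WORDS = re.compile(r"password|social security|insurance (id|number)", re.I)
URL = re.compile(r"https?://[^\s\"'>]+", re.I)

def phishing_indicators(raw, max_recipients=5):
    """Return the checklist indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    _, addr = parseaddr(str(msg.get("From", "")))
    if addr.rpartition("@")[2].lower() in FREE_MAIL:
        hits.append("free-mail sender")
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    if len(getaddresses(headers)) > max_recipients:
        hits.append("many recipients")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXT):
            hits.append("macro-capable attachment")
        elif part.get_content_type() == "text/plain":
            body = part.get_content()
            if PII_WORDS.search(body):
                hits.append("requests personal information")
            if URL.search(body):
                hits.append("contains link")
    # An empty list is not proof of legitimacy: the From header can be spoofed.
    return hits

def build_sample(sender, recipients, body, attachment=None):
    """Build a constructed test message (no real mail is used)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, ", ".join(recipients), "Notice"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    raw = build_sample("Billing <billing.dept@gmail.com>",
                       [f"user{i}@hospital.example" for i in range(8)],
                       "Enable macros, then confirm your password at "
                       "http://portal.example.test/verify", "invoice.xlsm")
    print(phishing_indicators(raw))
```

A flagged message is a candidate for the reporting process described above, not a verdict; the checks only score what the headers and body claim.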

Following the tips above will increase the cyber security of a healthcare network, and of other networks as well, against ransomware attacks performed via phishing emails, which are increasing at a high tempo every month.
