By Shawna Bertalot, CIC, ACI, Vice President—Alternative Risk Solutions, Wisconsin Medical Society Insurance and Financial Services, Inc.
Ransomware may sound like something out of a James Bond film, but, as the widespread attack in early May demonstrated, this kind of malicious software is very real. More than 130,000 organizations worldwide were compromised in less than 48 hours, and according to the AMA, some cases of this attack have affected patient access to care. Hospitals and clinics need to be aware of ransomware and how to prevent it from compromising their patients’ medical and personal financial information.
Ransomware is defined as a type of malware—or malicious software—that prevents or limits users from accessing their computer systems or files. According to Trend Micro™—an IT security company based in Texas—users can inadvertently infect their computers with ransomware by clicking on questionable e-mails or attachments or visiting an unsafe website. Once executed in the system, ransomware can either lock the computer screen or encrypt predetermined files with a password. In the first instance, the ransomware will show a full-screen image or notification, which prevents its victims from using their system, and gives instructions on how users can pay the ransom to have their system unlocked. In the second, the ransomware will encrypt documents, spreadsheets and other important files of the user or the entire system until the ransom is paid.
Payment does not always guarantee that users can regain access to their files or systems, however, or that the hackers will not attack again. The best practice for ransomware prevention is backing up all files and systems. Trend Micro suggests the 3-2-1 method of “three backup copies on two different media with one backup in a separate location.” Additional prevention strategies include implementing software and security system updates as they become available and training staff to avoid suspicious downloads and e-mails.
A few ransomware attacks against hospitals in California made national headlines last year. And in March 2016, Wired.com reported a ransomware cyberattack at the Hollywood Presbyterian Medical Center in Los Angeles. Its computers were offline for over a week until hospital officials agreed to pay the equivalent of $17,000 in internet trading currency known as Bitcoin.
Ransomware attacks against clinics and hospitals are happening at a growing rate—and not just in California. Wisconsin Medical Society Insurance and Financial Services continues to hear from both clinic and hospital facilities in Wisconsin that experienced ransomware attacks in the last year. In most cases, good risk management and data backup procedures saved them from disastrous outcomes. But even then, they both experienced computer system downtime and the need to retrieve records, which caused a delay in billing.
This two-minute video, produced by the risk resource team at ProAssurance, describes how some common cyberattacks can occur and offers tips for safeguarding people’s private electronic information. The American Medical Association also provides cybersecurity information.
Wisconsin Medical Society Insurance and Financial Services, in partnership with ProAssurance, offers cutting-edge insurance coverage for data security losses.
To learn more about cyber security insurance, contact Wisconsin Medical Society Insurance and Financial Services at 866.442.3810 or e-mail firstname.lastname@example.org.
The views and opinions expressed in this blog are solely those of the author and do not necessarily represent the views of the Wisconsin Medical Society, Wisconsin Medical Society Holdings Corporation or its subsidiaries. Nothing in this blog should be construed as legal, financial or clinical advice.