Protecting Your Office From a Cyber Attack
By: Alex Strauss
The scenario is enough to terrify most business owners: When trying to access a computer file, the user suddenly receives a notification that the file has been encrypted and the only way to unlock it is to pay. It is called a ransomware attack and, when it happens in healthcare, the ramifications can reach far beyond expense and inconvenience.
According to the Department of Health and Human Services’ Office of Civil Rights, which oversees the enforcement of patient privacy laws such as HIPAA, the personal health data of 30 million Americans has been compromised by this and other kinds of cyberattacks since 2009. Cyber attackers can sell that data to criminals who may falsify insurance claims or create bogus prescriptions before anyone even notices. Sensitive data could even be released publicly, creating a means of extortion and a privacy nightmare. It is no surprise, then, that healthcare records can be worth 5 to 10 times as much as financial records like credit card or bank account numbers.
The Weakest Link
“The malicious people out there who are trying to attack medical targets through cyber means continue to take advantage of the weakest link - people,” says Wade Hoffman, a Certified Information Systems Security Professional and CTO/VP of Earthbend. “It is not as though these companies don’t have anti-virus software and firewalls. But the reality is that if someone in the office clicks on a link in an email or inadvertently opens a malicious attachment, it can spread to the entire system and lock it down very quickly.”
Hoffman says the fact that people are often working quickly and sorting through many emails can make them less suspicious or careful than they should be in evaluating the legitimacy of every email and attachment. Add to that the fact that the “bad guys” are continually changing the source of their emails and it is a recipe for cyber disaster.
According to Hoffman, in the span of just a year-and-a-half, the number of cyberattacks on facilities in our region has risen dramatically, from about one a quarter to one or two every month. During particularly bad waves of attack, there have been multiple cases in a single week.
“It used to be common to come across clients who seemed to think that this might be all smoke and mirrors,” says Hoffman. “Now it is rare to see those people. Pretty much everyone is concerned about it.”
Tips for Protecting Your Data
In addition to anti-virus software and firewalls, Hoffman recommends a 3-2-1 approach to cybersecurity.
“We recommend a robust and regularly-tested backup system that includes three total copies of important files - two that are kept on site and one that is stored in the cloud,” he says. Regardless of where it is being stored, Hoffman says all data should also be encrypted. That would make it much more difficult for someone in possession of the data to release it publicly. “This allows you to just say, ‘I have a backup and I’m not going to pay you’,” says Hoffman. “Of course, it still costs time and money to restore your data.”
In addition, Hoffman says new technology can be used on top of antivirus software to recognize and stop the telltale progression of an attack before it spreads to the entire office. But no technology is foolproof, which is why Hoffman and his colleagues at Earthbend have implemented new staff training for their clients. Staff who are trained to recognize the signs of malicious activity are much less likely to fall victim to it.
“These things will still happen, but if everyone is working with a certain level of skepticism and you have done these other steps, including backing up your data and encrypting your data, you will be in a great position to protect your and your clients’ assets,” says Hoffman.