By Herb Miner
From the Fall 2017 Journal of the Colorado Dental Association
Dental cavities are caused by bacteria that produces acid and erodes tooth enamel and dentin. In much the same way, technological bacteria like ransomware can infiltrate your network, destroy your perimeter safeguards and harm your sensitive business and patient information. Ransomware is a growing threat to dental practices. In fact the Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, by the Ponemon Institute reported that 69% of healthcare professionals believe they are at a greater risk for data breaches than other industries.1 It is crucial that you and your employees know what ransomware is and how to safeguard against it to avoid costly downtime or, even worse, loss of critical data or business.
What Is It?
Ransomware is pretty much what the name implies—a class of malicious software (malware) that attacks your network and its devices, locking your critical files and holding them hostage until a “ransom” is paid. Ransomware victims are told that once the ransom is paid an encryption key will be delivered to unlock your files. Ransom demands can range from $200 to $1 million and are commonly required to be paid in Bitcoin or cash, both being untraceable.
Forms of ransomware are capable of crawling throughout your network and infecting each device they touch. If the ransomware “bacteria and decay” spreads undetected and unchecked, it can affect the entire network resulting in a catastrophic loss of business-critical and patient data that can cripple a practice. According to The Impact of Data Breaches on Reputation and Share Value, by the Ponemon Institute, 65% of consumers affected by a data breach lost trust in the organization, and 31% say they took steps to terminate the relationship. 2
A ransomware infection can get into your system in many ways. The most common method of infection continues to be malicious, phishing emails. These emails come from an unknown source and carry the ransomware virus in the form of a link or an attachment. When an employee clicks on the link or attachment, their system becomes infected and often infects the rest of your network. Worse yet, there are growing accounts of malicious websites containing ransomware that infect your system just by visiting the site. Recently, the WannaCry pandemic spread due to a third method, a vulnerability in the Windows operating system.
Symptoms and Diagnosis
Are there symptoms of ransomware “bacteria?” Initially, ransomware infections may not have symptoms. However, once the decay has eaten through your safeguards, you will no longer be able to access information critical to maintaining your business. Most commonly a message on the computer screen will notify the user that you are a victim of ransomware and will display a digital clock showing the number of hours you have to pay a ransom before your files are locked forever.
An IT professional can look for evidence of technological bacteria such as ransomware when they are called in for an office visit. They will look at your network and may probe for areas of concern or telltale signs of an attack or breach. The problem with these break/fix methods is that they often do not catch cybersecurity threats until after they have affected your systems.
A Managed Services Provider (MSP) differs from a break/fix IT provider. MSPs provide ongoing monitoring and diagnostics to catch issues before they become problems, much in the way dentists take dental x-rays and schedule maintenance appointments. This proactive maintenance can show newly forming technological bacteria and can rid the system of it before it takes root.
Good anti-virus and anti-malware products will reduce the levels of cyber bacteria that invade your system and cause infections. Web filtering is also advised and systems need to be updated on a regular basis to keep them in peak condition. Patch management is required by HIPAA and will keep your defenses current and help maintain a healthy network.
You should educate yourself and your staff to recognize malicious emails and websites. Take time to review email and website best practices with everyone in the office to reduce your exposure.
Your last line of defense is to restore from an encrypted backup. A bare metal restore will undoubtedly take time, effort and money. Ensure you have multiple reliable, encrypted back-ups in place…and TEST them. Verify the backups are:
- Indeed running.
- Backing up the correct information.
- Can be fully restored.
To Pay or Not to Pay?
It’s too late. My system has been compromised, now what? Do I pay the ransom? If I do, am I guaranteed to get the key to unlock my files? Homeland Security and the FBI advise against paying the ransom. The main reason: There is no honor among thieves––and no guarantee you will receive the encryption code once the ransom is paid. Unfortunately, even if you do receive the encryption key and regain access to your critical data, you will not emerge unscathed. According to a memo from the Office of Civil Rights from July 12, 2016, practices infected with a ransomware virus are required to disclose the breach. The Breach Notification rule is quite clear; practices must notify all patients in writing, notify the local news media and have your practice listed on the Health and Human Services “wall of shame” website.
When To Call a Professional
Only regular network examinations in the form of monitoring and patch management with an MSP can show early trouble and resolve issues before they become significant problems. If ransomware is not treated, it will likely cause network decay and possibly destroy your patient relations and dental practice.
About the Author: Herb Miner is the president and founder of Complete Technology Solutions. He has launched 35 space shuttle missions and 12 satellites into space. Herb has a B.S. in computer systems engineering from the University of Arkansas and graduated Beta Gamma Sigma with an M.B.A. in management of technology from the University of Houston. Contact him at 877-287-7762 or firstname.lastname@example.org or visit systemconfidence.com.