Banner

Publication

Article

Medical Economics Journal

Medical Economics August 2021
Volume98
Issue 08

The ransomware threat grows

Author(s):

Rachel V. Rose, JD, MBA

How to prepare to protect your practice

A May 12 presidential executive order from the White House stated, “The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” This executive order came days after the Colonial Pipeline ransomware attack that underscored the vulnerabilities of the government and energy industry participants.

The health care industry is likewise plagued by myriad cybersecurity-related attacks, including use of ransomware. For example, the hackers in a recent ransomware attack went so far as to voice their displeasure with the hospital for denying it had been hacked, stating, “Does (the hospital) have control of this system? The answer is no. The last time we checked, we own their Ascom system and their data,” according to the indictment. This arrogance is similar to that of many cybercriminals, including those who prompted the Cybersecurity and Infrastructure Security Agency, Department of Justice, FBI, and Department of Health and Human Services to publish Joint Cybersecurity Advisory — Ransomware Activity Targeting the Healthcare and Public Health Sector (updated Oct. 29, 2020), in light of six ransomware attacks against hospitals across the United States. The primary tactics utilized to infect systems with ransomware for financial gain were Ryuk and Conti. The primary activities “include credential harvesting, mail exfiltration, cryptomining, point-of-sale data exfiltration, and the deployment of ransomware,” according to the federal advisory.

In light of the heightened awareness and the increased proclivity of attacks, the National Institute for Standards and Technology published Tips & Tactics: Ransomware, an infographic that includes quick steps individuals can immediately take to reduce the threat of a ransomware attack:

  • Use antivirus software consistently.
  • Keep computer patches up-to-date.
  • Block access to ransomware sites by installing the appropriate software and services.
  • Allow only authorized apps on computers, tablets and smartphones.
  • Restrict personally owned devices.
  • Use standard user accounts versus accounts with administrative privileges whenever possible.
  • Avoid the use of personal apps and websites on company or work computers.
  • Train the workforce to be aware of unknown sources and social engineering.
  • Be sure to run antivirus software and/or look at links carefully.
Download Issue PDF
Articles in this issue
Preparing your practice for an efficient flu season
Preparing your practice for an efficient flu season
Why you should prioritize billing & coding oversight
Why you should prioritize billing & coding oversight
Coding office visits: The 99211 checklist
Coding office visits: The 99211 checklist
How to handle patient collections
How to handle patient collections
Get paid what you are owed
Get paid what you're owed
The ransomware threat grows
The ransomware threat grows
Prepared medical staff key to stopping ransomware
Prepared medical staff key to stopping ransomware
Physician wellness tips post-pandemic
Physician wellness post-pandemic
Choose these funds to avoid inflation harm to your investments
Worried about inflation harming your investments?
Social determinants of health: COVID-19 pandemic has widened the gap
Social determinants of health: The COVID-19 pandemic has widened the gap
Hospital consolidations in crosshairs of Biden administration
Hospital consolidations in crosshairs of Biden administration
Should physicians pay off debt or invest for retirement?
Pay off debt or invest for retirement?
estate money under house
How physicians can keep their estates out of taxable terrain
virtual care doctor cellphone
Beyond urgent care: Why virtual second opinions are telehealth’s next value differentiator
risk blocks
Mandating COVID-19 vaccines for high-risk employees might not be as safe as it sounds
Related Videos
Dermasensor
Kyle Zebley headshot
Kyle Zebley headshot
Kyle Zebley headshot
Michael J. Barry, MD
Related Content
© Azara Healthcare
November 21st 2024

From silos to synergy: Uniting health plan and EHR insights to drive success in value-based care

Is too much regulation stifling health care innovation?
October 10th 2023

Is too much regulation stifling health care innovation?

© Inovalon
November 18th 2024

AI’s role in reshaping revenue cycle management

Artificial Intelligence in medicine: what it means for primary care
October 17th 2022

Artificial Intelligence in medicine: what it means for primary care

Ransomware on the rise: ©Vchalup - stock.adobe.com
November 15th 2024

Ransomware surge highlights critical cybersecurity gaps in health care

© Irina - stock.adobe.com
November 15th 2024

New survey demonstrates physician support for AI solutions