6 steps to survive a ransomware attack

February 23, 2017
Melanie Denton, OD, MBA, FAAO

Here are the six tips I learned to help survive a ransomware attack.

The views expressed here belong to the author. They do not necessarily represent the views of Optometry Times or UBM Medica.

In the middle of a busy Tuesday, I stepped into my office to check my email. There was a popup on my computer that said, “All of your files are encrypted. You must pay a bitcoin ransom to retrieve them.” I didn’t really think much of it at the time.

I closed a few windows and saw my desktop: all the files were inaccessible. I sent a quick message to my practice management software company asking if I had a problem. I then received the fastest response ever that said, “This is an emergency. Unplug your computer now.”

We had suffered a ransomware attack, a type of cyberattack that locks the user out of critical systems and demands payment immediately. This type of attack is different than when patient health information (PHI) records are compromised.

Locking healthcare practitioners out of their systems and files and demanding immediate payment to retrieve them is a much faster way to make money for hackers. We are the perfect targets.

1. The server is sacred

My biggest mistake (well, one of them) was using the server as a computer. I’m over here trying to save money wherever I can. In my first year of practice I couldn’t justify another computer for myself in addition to the server.

Big, big mistake.

The server usually has the backup drive attached, and everything attached to the computer at the time of the attack, such as USB drives, will also be affected.

The server gets to live its life doing one job and one job only: being the server. No email, no Web browsing, nada. Don’t touch it.

2. Back, back, back it up!

Automated daily backups can potentially save you in a bad situation; that's what saved us. I lost enough term papers in college to know the importance of saving, saving, and saving some more.

Every important file should be saved in multiple locations. Email it to yourself, save it in the cloud, save it on a USB drive. Never ever have only one copy. Patient files follow the same rule: back them up often.

Prior to the attack, I was solely responsible for our backup drives. We’ve now made switching the backup drives an everyday checkout task. Not all backups should be in the same place. At least one backup should be offsite. Make sure the daily backups are actually happening and that the files on the backup are usable.

The best defense against losing all of your files to encryption is having those files saved elsewhere. When I handed over our encrypted computer to get fixed, it was amazing to be able to say, “Just wipe it, I don’t need those files. They were all backed up.”

If you don’t have a backup, you may just have to pay the ransom. It’s not guaranteed that all files will be returned. Attempting to get the remaining encrypted files decrypted may be costly and time consuming and may still result in file loss.
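
One way to check that the daily backup actually ran and that its files have not been altered since, for example by encryption of a drive that was still attached to the server. This is an added example, not part of the original article; the `manifest.json` file name, the 26-hour threshold and the function names are assumptions made for illustration.

```python
import hashlib
import json
import time
from pathlib import Path

MAX_AGE_HOURS = 26          # assumed threshold: daily job plus some slack
MANIFEST = "manifest.json"  # hypothetical file name used by this example


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_manifest(backup_dir):
    """Run right after the backup job: record a hash for every file."""
    backup_dir = Path(backup_dir)
    files = {p.relative_to(backup_dir).as_posix(): sha256_file(p)
             for p in sorted(backup_dir.rglob("*"))
             if p.is_file() and p.name != MANIFEST}
    (backup_dir / MANIFEST).write_text(
        json.dumps({"created": time.time(), "files": files}))


def verify_backup(backup_dir, now=None):
    """Return a list of problems; an empty list means the checks passed."""
    backup_dir = Path(backup_dir)
    try:
        data = json.loads((backup_dir / MANIFEST).read_text())
    except (OSError, ValueError):
        return ["manifest missing or unreadable: backup did not complete"]
    problems = []
    age_h = ((now or time.time()) - data["created"]) / 3600
    if age_h > MAX_AGE_HOURS:
        problems.append(f"stale: last backup {age_h:.0f}h ago")
    if not data["files"]:
        problems.append("empty: manifest lists no files")
    for rel, expected in data["files"].items():
        path = backup_dir / rel
        if not path.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(path) != expected:
            problems.append(f"changed since backup: {rel}")
    return problems
```

A clean result shows only that the files are present and unchanged since the backup job; restoring a copy and opening it in the practice software is still the test that the files are usable.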

3. Beware of your emails

This was my other biggest mistake. Our ransomware attack came in through my email account. Now, before you judge, let me just say that I am not a click-on-anything kind of person. In my case, there was a perfect storm of events that led to me clicking on the link that would attempt to bring us down.

First, my professional email is on our website, which led to Web creepy crawlers picking it up to spam in the hopes that I would give them access. Our email did not have security features, so all messages made it to the inbox. Once there, I was fooled into clicking on a document that infiltrated my computer.

How do hackers get in? The most common ways for hackers to gain access are executable files. Word or Excel documents, malicious webpages, Adobe files, and links in social networking posts are all possible threats that may contain malicious ransomware.

These people are tricky, seriously.

As the practice owner, I constantly get UPS and FedEx shipment notifications. The offending email mimicked one of those, and I foolishly clicked on it. So, how do you fix the problem?

We set up our emails using Microsoft Outlook with the help of our practice management software team. They were able to install antivirus scanners to specifically scan our emails as they come in. Now threats are detected immediately and disposed of before we have a chance to click them.

4. Consider the cloud

For many reasons, I elected to have an onsite server. You may wish to consider going to a cloud-based electronic health record (EHR) so that the onus is on someone else to maintain the files.

In addition, there are companies that specialize in offsite cloud backup. We have a group locally that offers backup services, a solution I am now considering.

5. Lock it up

This event definitely prompted me to reconsider our security at the office. In addition to modifying our backup strategy, installing virus scanners for email, and changing our method for checking emails, we have also locked down Web browsing; some sites are now off-limits on work computers.

Our team is undergoing training about the risks of ransomware and other malicious cyberattacks and how to watch for them. We’re also keeping our antivirus updated.

6. Rock stars

You need a few of these in your corner. Mine specifically were the folks at my practice management firm who went above and beyond in making sure the attack was quarantined, the temporary server was online, and our email was remotely set up with the virus scanners.

We also had a local company that came and retrieved the server the day after it was compromised, returning it by the end of the second day.

Ultimately, we didn’t actually lose any patient files due to the attack. The ramifications of my mistake were thankfully limited to just a little stress and some extra money to fix it. We were lucky.

Cyber attacks on the rise

The FBI has reported that ransomware attacks are on the rise. The Cryptolocker strain of ransomware alone stole $27 million in six months from organizations like mine whose files were taken hostage.[1]

Healthcare practitioners and hospitals are the perfect target. We rely so heavily on our computer systems. Think about losing all of your patient files and not having a backup.

Did your heart drop? Mine did, and I have only one year of files. Would you pay the ransom? You might be forced to without the proper strategies in place.

Take some time to assess your cybersecurity and make sure all of your backup systems are being utilized. In the end, you’ll be glad you did.

References

1. Ash M. Ransomware and Health Care: There’s More at Risk Than Just Money. Security Intelligence. 2016 Aug 8. Available at: https://securityintelligence.com/ransomware-and-health-care-theres-more-at-risk-than-just-money/. Accessed 2/22/17.
