Ransomware loves healthcare organizations. Their systems are often vulnerable and their data is confidential, often requiring immediate access as a matter of life or death. Although several large healthcare systems were successfully targeted by the WannaCry ransomware attack recently, the industry response is generally slow in reducing risks.

Healthcare Vulnerability to Ransomware

Healthcare organizations of all sizes from a physiotherapy office or small community clinic to a large teaching hospital are particularly susceptible to attacks from ransomware. Fortune magazine reported a 2017 Verizon data breach analysis that showed ransomware moving from the 22^nd most common type of malware in 2014 to 5^th place. The report also found that 72% of all healthcare malware attacks in 2016 involved ransomware.

Why focus on the healthcare sector that appears to be so technologically advanced? Unfortunately, although medical technology is always pushing boundaries, healthcare administration often lags far behind. Budgets focus on providing direct patient care, not upgrading large IT support systems.

This means that extensive personal data from medical records to credit card numbers if all too easy to access. Consider these typical situations:

• Infrequent updates of devices and software, usually because of budget considerations
• Increasing use of medical and fitness devices loaded with personal data and used offsite but linked to hospital IT system
• Large, expensive diagnostic equipment often running on common, outdated operating systems with easy access to the rest of the facility network
• Low priority attached to employee responsibility for security measures such as being able to identify phishing scams or changing passwords regularly
• Inadequate response plan for data breach

There is little if any data collection and storage that is more important than healthcare information. Not only is the data intensely personal, it often informs life or death decisions so immediate access is essential.

Guard Against Ransomware

Like any other business, healthcare organizations would do well to take preventative steps such as:

• Performing regular backups of all files
• Segregating network in order to be able to shut down affected units
• Training users to identify suspicious email or files and alert IT staff
• Using only medical devices designed for increased security; e.g. data encryption, authentication for account access, secure default in case of error, local option for storing data

Perhaps the most important step is the installation of a business continuity solution such as Digital6 Technologies’ ShareSync. This technology combine real time backup and file sharing in one product. Even a serious attack from malware, including ransomware will not stop the healthcare personnel from continuing to deliver their usual excellent service. ShareSync ensure an instant roll back to uninfected files and immediate access to those clean files from any device other than the affected ones.

There would be no need to even consider paying money to anyone. The virus will be contained and security restored, all while patients continue to receive care.

A Digital6 Technologies specialist is always available to discuss the best ShareSync solutions to protect from and contain any ransomware attack on a healthcare system.