Healthcare News & Insights

Ransomware attacks still rising in health care: Protect your hospital

Ransomware is still a significant threat to many hospitals and health systems. In fact, the problem is growing and expanding even beyond health care – whole city governments have been taken down by hackers. Hospitals are still an attractive target to thieves, however, and a recent case may increase the number of ransomware attacks against facilities.

DCH Health System in Alabama, which includes a network of three hospitals, was the victim of a ransomware attack that crippled the facilities’ operations, according to a CNN article. Staff members couldn’t access computer systems, which kept the hospitals from seeing new patients.

Only patients with life-threatening conditions could be treated in the emergency room, and staff had to record the details of each encounter on paper.

DCH got law enforcement involved, and IT experts worked around the clock in hopes of restoring access to the computer network. However, the health system also told a local news outlet that it paid the requested ransom to the hackers so it could restore access more quickly.

Typically, experts advise against paying the ransom if a hospital or other organization experiences a cyberattack. Not only does it encourage copycat crimes, but there’s also no guarantee that the criminals will surrender the information needed to decrypt the victim’s files and allow operations to resume. It’s a gamble.

Prevent issues with ransomware

DCH Health System’s computer network is now up and running, but if it did pay the ransom to get there, it sends a message to potential hackers that attacking hospitals could be a lucrative endeavor.

That’s why it’s key to prevent ransomware from infiltrating your hospital’s systems before you face a similar situation. Here are some important steps you must take to protect yourself, as outlined by ZDNet, an online publication that discusses internet security:

  1. Change passwords regularly. Avoid using default or easily guessed passwords to access any systems or equipment connected to your hospital’s network. Hackers are sophisticated and have software programs available to crack passwords that aren’t secure. They can also secretly install malware on your machines that tracks people’s keystrokes so they can steal passwords. To make this sort of theft harder, have staff change their passwords on at least a quarterly basis.
  2. Know what’s on your network. It’s not just computers that need to be secured. Any smart medical devices that are connected to your facility’s network can also be used as points of entry for hackers, who can exploit security weaknesses in these devices to gain unauthorized access to your system and computer hardware. Double-check that these devices are running the most up-to-date versions of any required software programs.
  3. Create a plan. Have a plan in place for how your hospital would handle a ransomware attack. Because these attacks have become more common, it’s not just a theoretical situation – it’s something that your facility could encounter. And you don’t want to be caught off guard if your network is attacked. Your plan should include everything from how you’ll handle disinfecting hardware to how you’ll conduct business while working on the problem. It should also cover how you’ll explain the situation to patients and whether you’ll get the authorities involved.
  4. Have backup files for important data. Make sure you keep secure backups of all info saved on your computer systems, including patient charts in your electronic health records (EHR) system. These backups should be encrypted and stored somewhere that’s not your main network, so they won’t be compromised if an attack happens. Backups should also be updated regularly. That way, if something does happen with your system, you won’t have to rely on outdated backup data to be up and running again.
