At RB’s Computer Service we have seen malware crop up, seen different viruses catch a blaze and have worked with our clients over the years to thwart them. However, the stakes and consequences associated with a “Ransomware” intrusion are far more serious than those of other malware. Local health care clinics, family practice doctors, general practitioners, dentists, and chiropractors, i.e. anyone who deals with HIPAA compliance, need to know what this is and take action without delay to prevent a ransomware attack. In this post I’m going to explain what ransomware is and why it is critical to take steps to avoid an attack, and provide a solution so you can take action.

Ransomware is all over the internet, but for the local medical practitioner who hasn’t had a chance to wrap his or her mind around it, here is a definition: “Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid.” (Trend Micro, https://www.trendmicro.com/vinfo/us/security/definition/ransomware)

Getting your computer locked up with a virus is nothing new; paying a ransom to unlock it is. Think about these facts for a minute:
- Hollywood Presbyterian Medical Center earlier this year paid hackers US $17,000 to get its systems back online.
- Medstar Health this spring coughed up $19,000 to return to normal operations.
- Ransomware attacks have risen from about 1,000 a day last year to 4,000 a day this year, Symantec has reported. (John P. Mello Jr., Freelance Writer, Civil Rights Office Issues Ransomware Guidance, July 22nd, 2016, https://www.technewsworld.com/story/83730.html)
How are ransomware attackers doing it, and why is it increasing? Ransomware attackers are targeting “PHI (protected health information)” and getting access to it from “corporations and individuals through botnet installs, email and social media phishing campaigns, compromised dedicated servers and file-sharing websites.” (John P. Mello Jr., Crime Pays: Ransomware Bosses Make $90K Annually, Jun 14, 2016, https://www.technewsworld.com/story/83603.html)

As John P. Mello Jr. explains, it is increasing because “the malware model is evolving, according to the Flashpoint study, which focuses on the Russian ransomware scene. A new form of ransomware has been developed that is in effect 'Ransomware as a Service' (RaaS),” like Software as a Service or SaaS. A would-be ransomware criminal used to pay $2,000 to rent or $5,000 to buy it. Starting last November, a would-be hacker doesn’t need any skin in the game, but can get it for free from the developer as long as they share “40 to 50 percent of each ransomware payment made.” (John P. Mello Jr., Crime Pays: Ransomware Bosses Make $90K Annually, Jun 14, 2016, https://www.technewsworld.com/story/83603.html)

What can you do to prevent an intrusion? The U.S. Health and Human Services Department's Office for Civil Rights, which enforces compliance with the Health Insurance Portability and Accountability Act, better known as "HIPAA," has released new guidance for healthcare organizations on ransomware, bullet-pointed below, but RB’s Computer Service has been providing service to meet and exceed these guidelines for a number of years with our monthly Managed IT Service Agreements:
- Conduct a risk analysis to identify threats and vulnerabilities to electronic protected health information, and establish a plan to mitigate or remediate those identified risks;
- Implement procedures to safeguard against malicious software;
- Train authorized users on detecting malicious software and report such detections;
- Limit access to ePHI to only those persons or software programs requiring access; and
- Maintain an overall contingency plan that includes disaster recovery, emergency operations, frequent data backups and testing of restorations. (John P. Mello Jr., Freelance Writer, Civil Rights Office Issues Ransomware Guidance, July 22nd 2016, https://www.technewsworld.com/story/83730.html)
Next step? Contact us today for an assessment; consider RB’s Computer Service Managed IT Service Agreement. Our Managed IT Service Agreements are inexpensive to employ in your health care operations. For the price most people pay for lunch each day of the month, your office or clinic could operate with complete peace of mind. Feel free to read my June 2016 blog post, “Managed IT Service Agreements, RB’s Computer Service Gold, Silver & Bronze Level Packages,” https://rbsmn.com/blog/page/2/ .

One more important point. Even if you don’t have to pay off a ransomware hack and it turns out to be a major inconvenience at most, if ransomware “encrypts PHI (protected health information)…you’ll have to report it” to HIPAA. Imagine what that might mean to all your patients when they hear about it. You will lose their trust for sure and very likely they will look for someone else they can trust with their private medical info. (John P. Mello Jr., Freelance Writer, Civil Rights Office Issues Ransomware Guidance, July 22nd 2016, https://www.technewsworld.com/story/83730.html)

To ensure our clients have all the bases covered, RB’s Computer Service partnered with a HIPAA Compliance specialist team. They assist with conducting a HIPAA Assessment. RB’s Computer Service will help implement HIPAA recommended practices through the audit process. Our partner can also assist with training your employees. To determine your needs, package and pricing options, schedule a consultation with me today via phone or email: 763-441-3884, firstname.lastname@example.org.

RB’s Computer Service sells the Intel Compute Stick as well as the best laptop computers, best desktop computers, business computers, computer parts and computer monitors. We also provide managed IT services, computer repair, iPhone and smartphone repair to customers and clients throughout central Minnesota and St. Cloud.