Dental and Medical Counsel Blog

How to Protect Your Practice Against Ransomware Attacks

July 14, 2021

There is a common misconception that dental practices, medical practices, and other businesses are defenseless against ransomware.  Though ransomware is certainly a legitimate threat that has the potential to worsen even more, there are some things you can do to minimize your practice’s chances of falling victim to such an attack.  Time is of the essence as indicated by President Biden's recent issuance of a memo on the threat of ransomware earlier this month.  Act now and your practice just might escape unscathed amidst the alarming rise in ransomware attacks.  Here's how to do it.

Start by Recognizing the Threat of Ransomware

Now that President Biden is formally addressing the threat of ransomware in front of the nation, it is time to assess your practice’s cyber defenses.  If you have not been attacked by ransomware, count your blessings.  However, if you have not done much or anything to prevent a ransomware attack, now is the time to be proactive.  Heed the recommendation of President Biden to protect against ransomware and your practice will continue humming along like a well-oiled machine.  In fact, the Office for Civil Rights within the Department of Health and Human Services has shared recommendations from the United States Cybersecurity and Infrastructure Security Agency to safeguard systems against these nasty digital attacks.

Dentists, physicians, optometrists, veterinarians, and other professionals who proactively implement the optimal cyber defenses and strategies against ransomware are that much more likely to remain open even if targeted by miscreants in cyberspace.  The last thing your business needs is a shutdown that renders your computer network inaccessible and your billing systems useless.  Though you still might be able to provide a limited number of services with your computers and network held hostage, documenting treatments, billing patients, and performing other necessary duties will prove difficult or even impossible until the ransom is paid.  You can avoid such a situation by addressing your digital security inadequacies now rather than waiting until you are in a hacker’s crosshairs.  Heed President Biden’s call to treat ransomware as an urgent digital security threat and prepare accordingly.  Let's take a quick look at some specific ways medical services providers can guard their practices against ransomware. 

Understand Healthcare Service Providers are Being Targeted

Part of defending against ransomware is acknowledging the legitimacy of the threat and heightening your team's awareness of its existence as well as its potential impact on your practice.  Ransomware and malware attacks often zero in on healthcare services providers.  However, the general public typically reads about ransomware attacks launched against large corporations as those attacks are more newsworthy. 

The sad truth is healthcare providers are targeted by ransomware on a daily basis.  These attacks are likely to compromise your internal records including sensitive financial information and protected health information.  So don’t assume your business won’t be attacked by ransomware hackers just because you don’t have millions of dollars in revenue or a national profile.  Ransomware attackers are ready and willing to attack small businesses including those that provide essential services to vulnerable people.

Patch the VMware Vulnerability

The United States Cybersecurity and Infrastructure Security Agency or CISA for short has specifically warned healthcare providers and other business owners of the critical VMware vulnerability.  CISA asked business owners and webmasters to patch this vulnerability as soon as it is identified.  VMware is best described as a type of software for cloud computing.  However, it must be noted there is also vulnerability in the VMware Cloud Foundation, VCenter Server, and VMware. 

Additional Strategies to Reduce Your Practice's Ransomware Risk

Aside from making your team aware of the threat of ransomware and patching the VMware vulnerability as described above, there are some other things you can do to bolster your practice’s digital security.  In fact, the letter released by the White House in response to the latest ransomware attacks highlights nearly half a dozen best practices to enhance cybersecurity across the nation.  Even if proactively implementing these defenses does not completely prevent ransomware attacks, they will greatly reduce the chances of such an attack being successful. 

To be more specific, the letter highlights the importance of businesses of all types and sizes backing up their data with regularity.  If your practice is not backing up its data on a daily basis, now is the time to do so.  You can back up your data to an external hard drive that is on-site. Alternatively, you can back up your data to the cloud and access it through the internet.  It is also a good idea to save system images and establish frequent system restore points on computers so they can be reset in a timely manner without losing data.

Systems must be updated and patched as quickly as possible.  Patching without delay bolsters operating system security, firmware security, and even that of applications.  If your practice has not yet created an incident response plan that details exactly how you will respond to a digital attack or emergency, create one now.  This detailed plan will lay out exact protocols should such an unfortunate scenario unfold.  The incident response plan should be tested frequently.  If there are any questions or concerns as to whether business operations will prove sustainable amidst a ransomware attack, another digital attack, or a natural disaster, do not hesitate to rely on a third-party testing service to gauge the security of your company’s systems. 

If you are notified of a software update, apply it right away.  In particular, it will help to update your anti-malware and digital security software.  Certain ransomware strains will use system administrator accounts to wreak havoc.  This ransomware will prove to be less of a threat if you restrict administrative and system access.  Terminate system administrator default accounts and decrease user accounts to form a roadblock in the way of ransomware attackers.  It will also help to restrict code execution.  Some ransomware is meant to execute from both data and temporary folders yet it won’t access such folders if you implement the proper access controls.

Mind Those Emails

There is a common misconception that ransomware is transmitted through an unseen attack without a specific user action.  However, the truth is some ransomware is sent through email.  You can reduce the chances of a successful ransomware attack at your practice by sweating the small stuff of your email protocols and security.  Robust filtering will prove particularly helpful.  Filter out the spam email messages along with those that have the characteristics of threats and you will have significantly reduced the chances of a successful ransomware attack resulting from an employee clicking on a virus-laden email, attachment, or link within the message. 

Email security extends to blocking attachments.  Block specific types of attachments to email messages and your employees won’t have the potential to click email attachments that contain viruses.  In particular, ransomware is commonly transmitted in a type of executable attachment so it only makes sent to establish a policy that such attachments cannot be used in email.   Set up your company’s email to remove these attachments and you will sleep soundly knowing you have done your part to prevent potential ransomware infiltration by way of email attachments.

Guarding Against Ransomware at the Network Level

Preventing the spread of ransomware at the network level is a bit more challenging.  Though firewalls that feature whitelisting or blacklisting will certainly prove helpful in reducing the chances of malware downloads from the web and might even prevent ransomware from connecting with the servers, there is still a chance the attack will prove successful.  Ideally, the firewalls will fully block or at least limit the remote desktop protocol (RDP) and additional remote management services.   Sadly, if the network insecurity results in an internal host being infected, stopping the spread of ransomware or even slowing it will likely prove challenging if not impossible. 

If your network is breached, the most important thing you can do to mitigate the spread is to disconnect right away.  All wired connections, Bluetooth connections, and wireless connections should be disconnected.  Even the automated data backups to external or internal devices should be disabled.  At this point, it is best to contact the IT professionals for assistance.

Why Ransomware Attacks are Worsening

Though few know it, the first ransomware attacks date back about 30 years.  These attacks have gradually evolved and will undoubtedly continue to evolve in the days, weeks, months, and years ahead.  Part of the problem is the lack of employee awareness of this digital threat.  Ransomware has not been covered by the mainstream news media until recent years.  Unfortunately, the majority of dental practices, medical offices, and other medical services providers do not invest the time or resources necessary to ensure staff members can identify the signs of digital threats.  Some such employees will click email messages, links, attachments, and other items that serve as avenues for ransomware to infect the system. 

Though training employees on cybersecurity certainly costs money and takes time, it is worth it.  A small investment in training your staff about ransomware and additional digital threats has the potential to prevent an attack that renders your business inoperable.  A fully trained staff that is hyper-aware of digital threats such as ransomware and capable of identifying the signs of such threats will do its part to maintain digital security.  Another reason why ransomware attacks have proven successful across the years and decades is computer operating systems do not have the capabilities to detect runtime that might prevent ransomware execution in its earliest stages, potentially prior to the start of encryption. Continue to dig deep into the "why" of the success of ransomware attacks and you will find all sorts of additional technical explanations of this unique digital threat detailing how it sneakily makes its way into networks and computers.

Change is the Only Constant When It Comes to Ransomware 

Though there are plenty of things your practice can do to reduce the threat of ransomware or even prevent attacks, the extent of your defenses is time-sensitive as this digital threat is ever-evolving.  Defending against ransomware is made all the more difficult as your defenses are inherently limited to the advances made by the evildoers, meaning additional virus complexities might render existing defenses useless.  Ransomware attackers are constantly improving their tactics.  In particular, ransomware attackers are becoming that much better at social engineering.  These cyber miscreants really are willing to research others and imitate them in an attempt to convince targets to fork over user names, passwords, and other highly sensitive information.

It is clear that ransomware will continue to change as we quickly transition to a high-tech society in which computers and networks are used for nearly every aspect of life.  Continue to improve your digital defenses in response and you will have done your part to keep your practice fully functional throughout the entirety of the year.

If you fall victim to a ransomware attack or have concerns safeguarding your practice, contact Dental & Medical Counsel to schedule a complimentary consultation with attorney Ali Oromchian.

 Contact Us Today for a Complimentary Consultation!


Subscribe to Our Blog

Stay updated with industry news!