The attack in Ireland may have been Conti ransomware, listed as the number two ransomware group by the Russian cybersecurity firm Kaspersky. Conti is a “double extortion” ransomware, which means that as well as locking victims out of their systems, the malware also steals data, which the criminals then threaten to release if they are not paid. This is especially damaging when private healthcare data is at risk, and in the United States it’s a HIPAA breach that can lead to additional problems for providers.
For O&P providers, HIPAA says the presence of ransomware in your practice’s computer system is a security incident, defined as “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.”
Given the continued threat of ransomware, it may be best to consider an attack a matter not of if, but of when, your practice will be affected.
“You have to assume it’s going to happen,” Dustin Bastin, CEO of Elevated Computer Specialists, told The O&P EDGE in 2016, but there are steps you can take to minimize your risk.
“At the end of the day, the gem is planning,” James Cannady, PhD, a professor of information assurance in Nova Southeastern University’s College of Engineering and Computing, and a ransomware expert, told us in 2016. “Let’s not only have a plan for what we do if this happens, let’s have a plan for educating our users so they are smart when they are on our computers. Let’s have a plan for what types of software we are going to have, how they are going to be installed, how often they are updated, [and] who is responsible for that…. Knowing that your data is still secure, that you have a copy of it, that you’ve encrypted it so the bad guys can’t read it…. That’s really all anybody can do. And it really solves most of the problems.”
To learn how to protect your business, read “The Increasing Threat Of Ransomware In Healthcare” in The O&P EDGE.