What you can Learn from Recent Hospital Hacks
October 10, 2018
!-– Googele Fonts –-> <!-– End of Google Fonts –->
The cyber security industry as a whole has made massive improvements over the years, and businesses are protected against more forms of attack than ever before. Unfortunately, part of this surge is in response to how the cybercrime world is similarly growing stronger. In 2018 alone we’ve seen major worldwide companies fall prey to ransomware and malware. Names such as WannaCry, SamSam, and NotPetya have entered the public consciousness.
Hospitals have been a main target of hackers in this recent wave of data breaches, and it’s because hackers know they can’t afford to be out of commission for very long and will pay anything to keep their systems running. It’s a shame that people do this to hospitals where people’s lives are at stake, but in terms of cyber security there is a lot hospitals can learn about these breaches to better protect themselves.
It’s time to get ransomware protection
Ransomware is the flavor of the month for hackers in 2018, and it’s partly because most businesses don’t know that anti-virus doesn’t mean anti-ransomware. Last year, hospitals in the U.S. and around the world were hit by a ransomware attack that required them to pay $300 to a bitcoin address to restore their network.
It doesn’t sound like much, but the $300 isn’t what’s important. The $300 is just the extra pay day for the hacker, the real cost comes from the downtime of having your entire IT network down while figuring out how to get the money and pay the hacker. Precious hours, or even days, can be lost while hospital executives and managed service providers decide a course of action or wait for the hacker to release your data (if they even do).
Just one ransomware attack can sink a business, which makes it imperative to be protected against it. However, an anti-virus won’t cut it. What an anti-virus does is scan your files and look for any bad code that matches a database of existing viruses that the anti-virus has before quarantining and eliminating the bug. Ransomware is almost always a completely new code that an anti-virus wouldn’t recognize, which means you need a more proactive security software. Anti-ransomware software scans your files for any suspicious changes or activity, and if it looks as if it could be ransomware, instantly quarantines it.
Never spend a day with out-of-date software
When you get a notification for an update on your personal laptop or computer for a firewall or communication app, you probably delay it as long as possible. We know, because we all do it. We don’t want to sit through a long download and restart the computer afterwards for the update to take effect, it’s annoying!
These updates and patches happen for good reasons. One of these reasons is that the software developers found a hole in their security that could be exploited, and oftentimes they find out only because it was. Hackers communicate with each other and sell information through the dark web, which means that if your business is running on any out-of-date software, all it takes is one hacker to know how to crack it for everyone else to know.
After a slew of healthcare-related breaches in 2016 and ’17, including a fertility clinic in Minnesota, a task force organized by the U.S. Congress realized that the IT systems used by healthcare organizations must be more secure and the cybersecurity guidelines be much clearer.
This is mostly a matter of simple education, and every employee knowing what and what not to do to protect the business from a hack. We’ve written countless blogs on the topic, so check them out for specific tips on cybersecurity, and think about working with a trusted and proven managed service provider. That way, they can focus on the cybersecurity while you just worry about making people healthy!
For more information on the cloud and how to can protect you against ransomware and malware, check out the TOSS C3 website and call us anytime at 1-888-884-8677.
Subscribe now and stay up to date with News, Tips, Events, Cybersecurity, Cloud and Data Compliance.