The WannaCry ransomware attacks last weekend wreaked havoc around the world, most notably by taking the UK’s National Health Service offline on Friday.
How do they start?
These attacks generally start through email. People receive emails that trick them into clicking links and/or downloading attachments. This could lead to the installation of malicious software on one computer where it quickly encrypts all files, demanding a ransom payment in order to unlock them. At the same time, ransomware also infects other computers and servers connected to the same network. The software needs only one point of entry to potentially destroy an unprotected network. Just one user in your office can accidentally install the malware, which then infects other computers and possibly your servers as well.
Best practices to avoid trouble:
- The best protection from the current threat is to be sure you have the latest operating system patches installed. On a PC, be sure you have automatic Windows updates enabled; on a Mac, check the Mac App Store for updates. (Note that WannaCry doesn’t appear to target Apple OS X computers, but maintaining system updates is still important on a Mac.)
- Do not open attachments or click links in email from anyone you don’t know, or even when you know the sender but the message looks suspicious — examine the message header and signature to see if anything looks out of place. When in doubt, call the sender to verify.
- Invest in a network firewall that includes a subscription for real-time scanning and protection against the latest viruses and other malware. These devices help protect all the devices on your network and provide the best front-line defense. The router device you get from your ISP rarely includes this functionality – you need a separate firewall.
- Contact your IT Support vendors to check on and potentially update your servers.
- Do not use USB or portable drives to move information – share files through tools like Google Drive or Dropbox (and if you are handling PHI, be sure you have a Business Associate Agreement in place).
- Set a policy in your office so staff only use computers for business purposes, not web surfing, personal business and email, or entertainment.
- Contact the vendor who supports your email account and make sure it is protected against malware and viruses – and know that typically, free email providers do not offer the best protection.
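The first item above, confirming that a Windows PC is actually receiving updates, is easy to check from PowerShell. The following is an added example, not code from the original post: it reads the two registry locations where Windows Update stores its automatic-update configuration (the Group Policy key takes precedence when present), lists the most recently installed update via `Get-HotFix`, and flags the machine if updates are disabled by policy or the newest update is older than a threshold. The 30-day threshold, the function name, and the `NeedsAttention` rule are assumptions for this example; run it in an elevated PowerShell prompt on the workstation being checked.

```powershell
# Added example (not from the original post): report whether a Windows PC is set to
# receive automatic updates and how long ago its most recent update was installed.
function Get-PatchPosture {
    [CmdletBinding()]
    param(
        # Assumed threshold: flag the machine if its newest update is older than this.
        [int]$MaxAgeDays = 30
    )

    # Group Policy setting (if any) overrides the per-machine setting.
    $policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $machineKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'

    $policy = Get-ItemProperty -Path $policyKey  -ErrorAction SilentlyContinue
    $local  = Get-ItemProperty -Path $machineKey -ErrorAction SilentlyContinue

    # NoAutoUpdate = 1 means automatic updating has been switched off by policy.
    $disabledByPolicy = [bool]($policy -and $policy.NoAutoUpdate -eq 1)

    # AUOptions: 2 = notify before download, 3 = download and notify before install,
    # 4 = download and schedule the install. A missing value means no explicit setting.
    $auOptions = $null
    if ($policy -and $null -ne $policy.AUOptions) {
        $auOptions = $policy.AUOptions
    } elseif ($local -and $null -ne $local.AUOptions) {
        $auOptions = $local.AUOptions
    }

    # Most recently installed update. Some entries have no InstalledOn date; skip those.
    $latest = Get-HotFix |
              Where-Object { $_.InstalledOn } |
              Sort-Object InstalledOn -Descending |
              Select-Object -First 1

    $ageDays = $null
    if ($latest) {
        $ageDays = (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
    }

    [pscustomobject]@{
        ComputerName               = $env:COMPUTERNAME
        AutoUpdateDisabledByPolicy = $disabledByPolicy
        AUOptions                  = $auOptions
        LatestHotFix               = if ($latest) { $latest.HotFixID } else { 'none reported' }
        LatestHotFixInstalledOn    = if ($latest) { $latest.InstalledOn } else { $null }
        DaysSinceLastUpdate        = $ageDays
        # Assumed rule: disabled by policy, no dated update at all, or too old => look closer.
        NeedsAttention             = $disabledByPolicy -or ($null -eq $ageDays) -or ($ageDays -gt $MaxAgeDays)
    }
}

Get-PatchPosture | Format-List
```

`Get-HotFix` reports the same data as the Windows "View update history" screen, so a `DaysSinceLastUpdate` well beyond a normal monthly patch cycle is a sign the machine is not getting updates even if nothing is disabled by policy. Treat the result as a prompt to investigate, not as proof that a specific patch is present; confirm the actual patch level with your IT support vendor as the list above recommends.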
Cyber attacks get more sophisticated each day. It’s important to stay nimble and prepared for these serious threats, especially as a small practice with fewer resources than a large healthcare organization. For comprehensive instructions on handling cyber security breaches, see the SANS Institute’s An Incident Handling Process for Small and Medium Businesses, which outlines the industry-standard PICERL approach, and HHS OCR’s Ransomware Factsheet.