The year 2016 has been quite successful for Bitcoin ransomware developers so far. After crippling two major hospital systems in quick succession, it was a matter of time until new guidelines would be established. The Healthcare Insurance Portability and Accountability Act was created to address these malware threats.
The vast majority of healthcare organizations is clueless when it comes to understanding and preventing ransomware attacks. This new guideline by the US Health and Human Services Office for Civil Rights should provide additional information on how this malware works. More importantly, it will also help institutions understand how they can spot a threat, and ensure no [significant] damage is done. Tackling Ransomware Requires More Than Technology
Preventing ransomware attacks from happening should be the top priority for every healthcare institution right now. Unfortunately, their limited budgets and less-than-stellar IT staff make that task a lot harder than need be. Providing guidelines is a good way to tackle this situation, albeit it may not yield the desired effect in the long run.
Training hospital staffers to spot a malware threat sounds great on paper, but it’s hard to achieve in real life. Most of the people working at a hospital are already overworked, and the last thing they need is more things on their plate. Limiting user access to account records is another option worth exploring, but it might create friction. If not everyone can access the document correctly, waiting for someone to come by with file access will only slow operations down.
One of the only ways to properly deal with a ransomware attack is by making regular system backups . The HIPAA guidelines touch upon this subject as well, as regular data backups are advised. Developing new security incident procedures, as well as reporting processes, are direly needed. “Implementing a […]
