What is ransomware and why should I care?
Over the past week there was a breaking news story about hundreds of thousands of computers under attack by a ransomware called “WannaCry.” This was especially concerning because the malware infected NHS systems in the U.K. and hospitals across Europe and Asia. While the U.S. was not hit as hard by this attack, it is a call to action for everyone to strengthen digital security.
What is ransomware?
Ransomware is just like an old-fashioned kidnapping movie except instead of the villain demanding money for the safe return of a child or spouse, you are asked to pay to get your electronic files back.
For ransomware to work, a computer is first infected with a virus by either clicking on an email link or opening an attached file. The deceptive email generally appears as something innocent like “FedEx tried to deliver a package. Click here to reschedule.”
While it would be very frustrating and upsetting if one’s personal finances or family photos were held ransom, imagine the impact of this happening to hospital systems preventing practitioners from accessing patient records.
What are we doing at Digital Pharmacist?
At Digital Pharmacist, we run protection software that scans daily for hidden malware and proactively monitors for known risks. We have also partnered with our hosting provider to ensure proper protection and monitoring of all systems and data assets. We create backups nightly to ensure all data assets are secured (and encrypted) so that if there was a problem we can quickly isolate, purge, and restore infected systems without loss of productivity.
The Digital Pharmacist technology team educates the entire organization on best practices such as reporting suspicious emails and not opening attachments from unknown senders. As problems occur, we execute a fast moving communication plan informing team members of any actions needed to further protect our data.
What can you do?
The current “WannaCry” attack has been especially effective and is primarily delivered via an email attachment. However, a virus can also be delivered through malicious website links, so be cautious as you browse the web.
Here are actions you can take to protect yourself from this and future malware:
- Do not open email attachments or click on links in emails unless you are confident in the source.
- Remain cautious over the coming weeks as “spoofed” emails can appear to be from a reputable source. It’s highly likely that copycat malware will capitalize on the success of this recent attack and release similar ransomware.
- Make sure you have malware protection software and that it’s up to date.
- Run Windows Update on your home and office computers immediately. Ensure Microsoft bulletin MS17-010 has been applied.
- Have an effective backup strategy for your files so that you can restore in case there is a problem.
- Educate your team about these risks. Caution them to be suspicious about emails and web sites. Make sure there is solid understand the dangers of phishing, ransomware, social engineering and other common attack vectors.
We all have a heavy dependency on technology to run our business and personal lives. It is important to think of security or our virtual assets in the same we do our physical assets. The data you use to treat patients and deliver service is one of your strongest assets. In addition to deploying security software as part of a strong prevention strategy, it is essential you continue to keep your systems up to date on the latest software versions and take the time to invest in user education.