Ransomware: What It Is and How to Prevent It

by Steven M. Harris, Esq. • December 6, 2017

© Imilian / shutterstock.com

Every day, more than 5 million records are lost or stolen. That’s more than 217,000 records per hour, 3,600 records per minute and 60 records every second. Due to increasingly sophisticated hacking tactics and ransomware, it’s anticipated that the number of reported breaches will continue to rise at an accelerated rate.


In August, the list of reported Health Insurance Portability and Accountability Act (HIPAA) breaches broke a new record: more than 2,000 breaches affecting 500 or more individuals have been reported to the HHS Office for Civil Rights (OCR) since 2009. It took nearly five years for the "wall of shame" to reach 1,000 breaches affecting 500 or more individuals, and reporting has since accelerated, due in part to OCR's ramped-up enforcement efforts, which seek to hold covered entities responsible for failing to report a breach within 60 days of discovery. This trend is cause for serious concern.

In addition to the recent milestone, the wall of shame underwent a significant makeover in July, which now enables users to view breaches currently under investigation that were reported within the previous two years, all breaches reported more than two years ago and all breaches since 2009 for which OCR investigations have concluded. There is also a research report function that provides the total number of breaches reported to the OCR, regardless of whether they are still under investigation or when they were reported.

In light of this, it is critical that you assess your compliance with the HIPAA Privacy and Security Rules and continuously educate staff on HIPAA compliance. Analyzing a security incident and determining that a breach occurred can be a complex analysis that significantly cuts into the 60-day notification window. You must understand the notification requirements to ensure that notifications are filed on time in the event of a breach. Understanding your legal obligations under HIPAA can also reduce the risk of a security incident. The key is understanding your system's vulnerabilities and the external threats that may affect your security, and then educating your staff on those threats.

Ransomware

One of today’s biggest threats is ransomware. In its June 12, 2016, guidance on ransomware, the U.S. Department of Health and Human Services (HHS) described it as “a type of malware (malicious software) distinct from other malware; its defining characteristic is that it attempts to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware, until a ransom is paid.” After the data is encrypted, a ransom note typically appears, which demands payment (usually in cryptocurrency, such as Bitcoin) so the user can receive a decryption key.

Certain ransomware variants encrypt the data on the server, while others are capable of destroying data or exfiltrating it outside of the affected system. Most recently, in May 2017, the WannaCry ransomware made headlines when it infected computer systems globally.

Beyond the Ransom

Historically, ransomware has been used by cybercriminals to extort money from unsuspecting businesses and individuals. It was very simple: The data of affected businesses or individuals was held hostage until the owner of the data paid a ransom in exchange for a decryption key to unlock it.

Fast forward to today, and the ransomware game has changed significantly. The objective is no longer just money; the mission is now to cause widespread disruption. In fact, the cybercriminals behind the NotPetya global ransomware attack of June 27, 2017, walked away with only $10,000. However, the attack caused severe damage to many businesses, with some losing between $200 million and $300 million as a result of the interruption.


Preventing Attacks

Because the goal of ransomware is to encrypt your files and effectively disable access to them, the first and best line of defense is to make sure you back up your data regularly. It is recommended that the backups occur at least daily. Also, the backup should be encrypted.

In addition, exercise extreme caution when opening unsolicited attachments. Ransomware is often embedded in documents included as attachments to email. Train (and then retrain) your staff to recognize a suspicious email to mitigate the chance that an unsolicited attachment will be opened.

It is also recommended that you limit the number of users who have access to your system to only those individuals who absolutely need access to perform their job functions. Doing so inherently reduces your exposure.

Finally, don’t put all your eggs in one basket. In other words, segregate your programs through the use of secure firewalls and separate servers. This can help prevent an infection from spreading across all your data, thereby shutting down your business.

These are just a few of the preventive measures you should take against an attack. There are certainly other measures you can and should take to enhance overall compliance and prevent unauthorized access. These include implementing a written information security plan, performing external penetration testing, implementing privacy and security policies and procedures, implementing and periodically testing an incident response plan, and conducting regular training for your employees.

Now What?

If you fall victim to ransomware, you should immediately notify your cyber liability carrier and legal counsel. These resources will be able to assist you in navigating the attack. With many ransomware attacks, it is necessary to engage a forensic IT firm to conduct an analysis of the affected system to determine the extent of the impact and whether the particular ransomware variant is capable of accessing or exfiltrating data, which is a critical factor in a ransomware risk analysis. Your cyber liability insurance carrier and your legal counsel can put you in touch with such a firm. To retain attorney-client privilege over the results of the forensic investigation, the forensic IT firm should be retained by your legal counsel on your behalf.

It is recommended that you not pay the ransom. Doing so only funds cybercriminals and encourages further attacks. More importantly, paying the ransom does not guarantee that you will regain access to the encrypted files: victims who pay are often given decryption keys that either don't work at all or decrypt only some of the files.

Instead of paying the ransom, restore affected files from reliable backups. Your IT manager or vendor should be able to assist with restoration. It is certainly mitigating if you can conclusively prove that all affected data has been restored to the state that it was in immediately prior to the ransomware infection.
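The daily backup cadence recommended above and the restore check in the previous paragraph can be made concrete. The following Python is an added example, not the article's own material: it records a SHA-256 manifest of the live files, flags a backup older than the daily interval, and verifies a restored tree against the manifest so that every file can be shown to be back in its pre-incident state. The function names and the sample files are my own constructions.

```python
import hashlib
import tempfile
import time
from pathlib import Path

MAX_BACKUP_AGE = 24 * 60 * 60  # seconds: the article recommends backups at least daily

def file_sha256(path: Path) -> str:
    """Hash a file in chunks so large record files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map each file (path relative to root, '/'-separated) to its SHA-256."""
    return {p.relative_to(root).as_posix(): file_sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a restored tree with the pre-incident manifest; the restore is provably complete only if 'missing' and 'mismatched' are empty."""
    current = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "mismatched": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "unexpected": sorted(set(current) - set(manifest)),  # files the manifest never recorded
    }

def backup_is_fresh(backup_mtime: float, now: float = None) -> bool:
    """True when the newest backup is no older than the daily cadence."""
    now = time.time() if now is None else now
    return now - backup_mtime <= MAX_BACKUP_AGE

def demo() -> tuple:
    """Constructed scenario (no real data): a live tree, its manifest, and an incomplete restore that should be rejected."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "live")
        (live / "notes").mkdir(parents=True)
        (live / "patients.csv").write_text("id,name\n1,constructed\n")
        (live / "notes" / "visit.txt").write_text("constructed visit note\n")
        manifest = build_manifest(live)
        restored = Path(tmp, "restored")
        (restored / "notes").mkdir(parents=True)
        (restored / "patients.csv").write_text("id,name\n1,CHANGED\n")  # content altered
        (restored / "notes" / "extra.tmp").write_text("stray\n")  # and visit.txt is missing
        report = verify_restore(manifest, restored)
        stale_backup = not backup_is_fresh(time.time() - 2 * 86400)  # written two days ago
        return report, stale_backup
```

Keep the manifest itself on a backup that the infected system cannot overwrite, otherwise the comparison proves nothing.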

Once the forensic investigation and restoration are final, work with your legal counsel to analyze the incident. A risk assessment under HIPAA is a very complex analysis of the facts and their interplay with HIPAA. Therefore, it’s important to work with an attorney who specializes in data privacy. Failure to work with a specialist could result in an improper determination that a breach did or did not occur, which carries with it the risk of reputational harm, potential OCR investigations, and fines and penalties. For this reason, the analysis must be properly conducted by someone with significant experience.

Final Thoughts

The unfortunate truth is that in today's age, it is not a matter of if a breach will happen, but when it will happen. Although this mentality seems pessimistic, treating data privacy in this manner will enhance your compliance and mitigate risks to your system. Taking a proactive approach to compliance enables you to identify your system's weaknesses and correct them with little or no repercussions, as opposed to waiting for a breach to happen before rectifying any system vulnerabilities.

Cybercriminals are becoming more sophisticated each day, so now is the time to evaluate your system and confirm that you are as well positioned as you can be in the event of a security incident. Don't wait until it's too late, or you may find yourself on the wall of shame.


Steven M. Harris, Esq., is a nationally recognized healthcare attorney and a member of the law firm McDonald Hopkins LLC. Contact him via email at sharris@mcdonaldhopkins.com.

