Ifa EHR Newsletter - June 2016: Fighting Cyber-Attacks
A big topic in the news recently concerns cyber-attacks from malware such as ransomware. You may have heard about it. You may have even read articles about it affecting hospitals in your area. Protection from attacks can be straightforward. We've asked cyber security specialist Rob Campbell, of Med Cyber-Security LLC, to share some security tips for you to consider using at your practice. Rob specializes in cyber security in healthcare and consults with a number of our practices on their security protocols.
Rob Campbell, Med Cyber-Security LLC
Ransomware has become a very real issue. In a recent review of the EHR Intelligence article, the latest attack affected a hospital chain on the MedStar Health network. Nearly ten hospitals in Maryland and Washington, DC were forced to use emergency backup systems when 30,000 staff and 6,000 physicians began experiencing problems. MedStar Health officials were required to remove the hospitals’ email and EHR systems from the web in order to prevent the virus from spreading throughout the organization. The cause of the hack is under investigation. According to a MedStar Health employee, “Even the lowest-level staff can’t communicate with anyone. You can’t schedule patients, you can’t access records, you can’t do anything.” As a result, all MedStar users were forced to move to backup systems and paper records.
How to Protect Your Business
Below are five tips to help protect your practice from Ransomware.
1. Create functional backups. Backups must be detached from the network.
2. Enable audit logging on file servers. This may pinpoint infected systems encrypting files.
The most common ways networks are infected are:
- Malicious attachments sent by emails.
- Emails with URLs (links) to malicious documents.
- Exploited web browsers.
3. Establish/Review your ‘Bring Your Own Device’ (BYOD) policy to limit impact to your network.
4. If attacked, unplug infected systems from the network, including wireless networks.
5. Also, think twice about paying the ransom. Paying a ransom means that you will perpetuate Crypto Ransom.
Rob Campbell can be reached at (P): 301-266-2457 / E-Mail: firstname.lastname@example.org
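Tip 2 above says file-server audit logs may pinpoint an infected system that is encrypting files. The following is an added example, not part of the original newsletter or Mr. Campbell's material: it scans audit records for one workstation modifying many distinct files within a short window. The record layout, host names, user names and thresholds are assumptions made up for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs). Assumed layout:
# timestamp, client workstation, user, operation, file path
SAMPLE_AUDIT_LOG = """\
2016-06-01T09:00:05,FRONTDESK-01,mlee,READ,charts/adams.pdf
2016-06-01T09:02:10,FRONTDESK-01,mlee,WRITE,charts/adams.pdf
2016-06-01T09:10:00,BILLING-02,tcho,RENAME,billing/inv001.xlsx
2016-06-01T09:10:01,BILLING-02,tcho,RENAME,billing/inv002.xlsx
2016-06-01T09:10:02,BILLING-02,tcho,WRITE,billing/inv003.xlsx
2016-06-01T09:10:03,BILLING-02,tcho,RENAME,billing/inv004.xlsx
2016-06-01T09:10:04,BILLING-02,tcho,RENAME,charts/baker.pdf
2016-06-01T09:15:30,FRONTDESK-01,mlee,WRITE,charts/cole.pdf
"""

MODIFY_OPS = {"WRITE", "RENAME", "DELETE"}  # operations that change a file


def find_bulk_modifiers(log_text, window_seconds=60, min_files=5):
    """Return {client: details} for every client that modified at least
    min_files distinct files within any window_seconds-long window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # client -> (time, path) events still in window
    flagged = {}
    rows = [r for r in csv.reader(io.StringIO(log_text)) if r]
    # ISO 8601 timestamps sort chronologically as plain strings.
    for ts, client, user, op, path in sorted(rows):
        if op not in MODIFY_OPS:
            continue  # reads alone do not indicate encryption
        now = datetime.fromisoformat(ts)
        events = recent[client]
        events.append((now, path))
        while now - events[0][0] > window:  # drop events older than the window
            events.popleft()
        distinct = {p for _, p in events}
        if len(distinct) >= min_files and client not in flagged:
            flagged[client] = {"user": user, "at": ts, "files": len(distinct)}
    return flagged


if __name__ == "__main__":
    for client, info in find_bulk_modifiers(SAMPLE_AUDIT_LOG).items():
        print(f"{client}: {info['files']} files changed by {info['user']} "
              f"within 60s, threshold reached at {info['at']}")
```

A workstation flagged this way is a candidate for tip 4: unplug it from the network, including wireless. The thresholds need tuning against normal activity such as bulk scans or backups.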