December 2022 – Ransomware, New Tactics

Attackers are using new and more creative ways to deploy ransomware onto victim computers. Each year, ransomware payments bring in billions of dollars for criminals and nation-states around the world, so attackers are always looking for more efficient ways to get their malware onto victim computers. We spend a lot of time discussing ransomware because it is considered a HIPAA violation and can also be very expensive for a practice to eradicate. In some cases, practices have gone out of business because they were unable to restore their data after an infection. In November 2022, Rackspace, one of the world’s largest email providers to small and medium-sized businesses, was hit with ransomware. At the time of writing, they are still down, leaving tens of thousands of businesses and millions of users without their corporate email.

In addition, in December 2022, the FBI’s InfraGard membership was hacked and the entire membership database was offered for sale on the dark web. InfraGard is a partnership between the government and the tech sector that shares information about types of attacks, new threats, and what is happening in the world of cybersecurity. What makes this attack so damaging is that InfraGard’s members have been thoroughly vetted by the FBI, and the database contained the contact information of the CEOs, CISOs, and other top executives of many of the largest companies in technology, finance, and utilities.

Ransomware isn’t going away because there is just too much money to be made. So we need to do our part to protect ourselves, our practices, and our patients.

How do we get ransomware?

There is no one way to get ransomware. In the past, it may have arrived through a phishing attack, but today any path an attacker can use to get into a network could result in a ransomware infection. While a phishing email is the most common entry point, there are many others:

  • If a practice doesn’t have a firewall, or its firewall isn’t properly configured, an attacker can gain access to the network.
  • An attacker can break weak WiFi encryption and gain access to the network from outside the practice’s walls.
  • Unpatched software vulnerabilities allow attackers to exploit and take over computers and other network devices.
  • Infected flash drives can be plugged into practice computers and launch malware across a network.

As users, the most important things you can remember are to carefully monitor your emails and not click the links in any message. If you need to log into a site, close the email, open your browser, and manually type the URL of the website. Don’t plug any flash drive into your computer unless you are absolutely sure of its origin. Use some form of multi-factor authentication on your accounts to provide an extra layer of protection.

For practice managers, make sure that all computers are patched and kept up to date. Ensure that your practice has a firewall installed and that it is monitored. Use some form of multi-factor authentication on all accounts, and use a strong password for all wireless access.

Ransomware isn’t going away any time soon, so we all have to do our part to help keep it off our networks.