For healthcare organizations and medical clinics, installing an anti-malware program and backing up your data in more than one place can help avoid problems like data breaches, ransomware, and wipers (malware that will wipe out data on a hard drive or network). But this needs to be part of a larger cyber-security effort designed to stop hackers and thieves who want to steal data or do actual harm to an organization.
A recent spate of malware attacks has been wreaking havoc in healthcare organizations around the world. Designed to do permanent damage to a computer’s hard drive, the NotPetya attack has been unleashed in 64 countries. While 60 percent of the affected computers were in Ukraine, computers in Brazil, Denmark, Russia and the United States were also targeted.
According to a July 2017 article in the UK’s Independent, more than 16 million patient records were stolen from healthcare organizations last year. And this year, Britain’s National Health Service was shut down by a ransomware attack that locked administrators out of the computers containing its records and booking systems.
What does this mean for your practice?
Quite a lot, and none of it good. First, if your hospital or clinic is the victim of a data breach, it’s your responsibility to notify everyone in your database of said breach. You might also have to provide a year’s worth of credit monitoring so your patients/clients can monitor their credit for unusual activity. And that’s to say nothing of the financial loss if your practice or agency is sued or the damage to your professional reputation.
Cyber security experts agree that healthcare organizations shouldn’t be asking whether they’ll get hacked, but when.
If we operate under that premise, we can take proactive steps to ensure that the likelihood is reduced, and the damage is minimized. Step one is to install an anti-malware program to protect you from the most common attacks.
How an anti-malware program works
A good anti-malware program will protect your healthcare website against a variety of attacks, including brute-force attacks. With these, an automated program tries password after password until it finds one that works. Once the hacker’s in, it’s too late — you no longer have control. Other common hacker ploys include:
Includes viruses, Trojan horses and worms, which can do almost anything — steal information, erase data or infect your site visitors.
Software that’s designed to scope out personal information, financial details and passwords. To a hacker, these are the keys to the kingdom.
Distributed Denial of Service (DDoS)
These attacks flood a website or network with a steady stream of service requests, thus preventing actual human patients and customers from getting through. One October 2016 DDoS attack managed to disrupt internet access for the entire Eastern U.S. and part of Europe.
A hacker tricks a website into doing something it shouldn’t, like giving the hacker your entire client database or providing backdoor access to your system, where hackers can explore and copy at their leisure.
An attack that’s launched as soon as a new software vulnerability is discovered, but before a patch or repair is available.
Where hackers try to trick people into sharing their usernames and passwords by posing as a legitimate organization. Phishing attacks often appear as emails from banks, the IRS or even major vendors and corporations.
What kind of protection does my group need?
This isn’t the time or place to settle for something that’s “probably good enough.”
You need an anti-malware program that will protect your entire website from the sneaky tactics hackers use.
Daily scans and a Web Application Firewall (WAF) like those provided by GoDaddy Website Security, powered by Sucuri, can detect and stop hacker attempts before they do any damage.
Having been the near-victim of several hacking attacks on my own website, I can tell you that an attack is damaging in itself. Not only is it important to protect all the content on your site, you need to back it up. (I now use plugins to protect my WordPress blog, in addition to the server’s security.)
More importantly, if your website is tied into your company’s network, hackers only need to compromise a single desktop or laptop to make their way into the entire system. If your website and your patient data exist inside the same system — as is often the case with organizations that offer a patient web portal — you’re also vulnerable.
If you remember Target’s data breach a few years ago, the hackers got into the system through an HVAC vendor who fell victim to a phishing scam. They were able to get into Target’s entire network, including the software used to operate the deli scales.
Even your vendors who have their own portal need to practice good cyber security. Make sure they’re compliant with your best security practices and have their own security systems in place.
Don’t wait any longer
Cyber security is a major issue for corporations in general, but the healthcare industry is of particular interest to hackers and data thieves because there’s so much data to steal: personal information, financial details, insurance accounts, health data and so on. According to James Scott of the Institute for Critical Infrastructure Technology (ICIT) in Washington D.C.:
“Electronic health records are 100 times more valuable than stolen credit cards.”
Healthcare organizations would be wise to work with a cyber security specialist to make sure they’re protected. But they can start now by installing a strong anti-malware program to protect their network and individual computers.
Too many bad actors and criminals have automated their attacks, so they can assault hundreds, if not thousands, of systems all at once. Having a strong cyber-security program in place can greatly reduce the risk of having your network hacked, your data stolen and your reputation irreparably damaged.