Cyber Security

When Malware Met Healthcare

When Malware Met Healthcare

By Lori Bolesta, System/Network Coordinator

Recent newspaper headlines have featured countless stories about malware attacks hitting organizations from all business sectors on a global scale. Healthcare organizations are particularly susceptible.

The reason is three-fold. First, healthcare organizations are more likely to pay the ransom than a business because their systems must remain operational. A hospital cannot afford system down time. Secondly, many healthcare organizations use unpatched legacy systems, again because they cannot afford the downtime required to update. Attackers are aware and capitalize on the opportunity. Finally, when comparing data security with medical research and patient care, funding data security is not always the top budget priority.

While it is impossible to predict when (not if anymore) a malware attack will affect your organization, there are ways to better defend yourself. These tips apply not only to healthcare, but to any organization:

  • Ensure updates and patches are implemented on a regular basis. Attacks are perpetrated through known system vulnerabilities, which are often patched; if updates/patches are not implemented regularly, hackers exploit the vulnerability.
  • Firewalls and email/web filters should be implemented.
  • Modern anti-virus software should also be implemented and updated regularly to ensure effectiveness.
  • Constant system monitoring to identify, stop, or prevent attacks.
  • Complete and recurring data backups prevent loss and allow for faster recovery times.
  • Employee education—I cannot stress this enough. There are simple techniques and solutions to enable employees to safely navigate the internet, identify potentially harmful emails, links, and websites, and operate safely.