What to Do When Your Clinic Gets Ransomware

One of the worst things your company can hear is that ransomware has attacked your organization.

The amount of ransomware in healthcare has only increased over time. The attackers are shifting their targets from the expertly defended finance firms and retail establishments to healthcare, the last big goal.

Companies usually pay to make the problem go away. Ransomware has been a part of the daily grind for a while and if the ransom is possible to pay, it’ll usually get paid.

Demands for money are skyrocketing, and the number of organizations not paying continues to grow. Ransomware will become a more significant problem before it becomes a more manageable one.

So here’s how to protect yourself against ransomware attacks like the MedStar hack.

Wait A Minute, Is Ransomware A Big Deal?

For example, a stream of ransomware attacks caught up with Hollywood Presbyterian, MedStar Health in Washington, D.C., King’s Daughters’ Health in Indiana, three Southern California hospitals owned and operated by Prime Healthcare Services, and Methodist Hospital in Kentucky.

The threat has also escalated, and it is changing in that the external perimeter is going away, says Elliott Frantz, CEO of ethical hacking firm Virtue Security.

“Organizations used to have an internal network, and they could secure the outside of it to make sure an external hacker could not penetrate it,” Frantz said.

It’s easier than ever to get access to a hospital’s network and break into a device, mostly because the proper safety precautions aren’t in place.

All that said, there are steps a hospital or healthcare facility can take to increase its defenses against hackers and prevent ransomware attacks. Many of these strategies are not hard to set up.

How To Protect Yourself Against Ransomware Like The MedStar Hack: Backing Up Your Data

I know what you’re thinking. Backing up your data is such an obvious and easy thing to do, why even mention it? But cybersecurity experts everywhere will remind you, “Why do you think the healthcare organizations pay the ransom?”

It might seem obvious to you but check out the ransomware cases. The hacking is getting more aggressive, and ransomware is the most effective when companies don’t back up their data and have no choice but to pay the price. Healthcare organizations need to make sure they are backing up their data on a regular basis.

There are lots of cases where that isn’t happening. Occasionally the vendors that make it their business to back up and safeguard data can be helpful when an organization is protecting itself from ransomware. For example, in a recent case that made headlines, a hospital was attacked by hackers who used ransomware and demanded $17,000 to restore access.

Real-time backup systems are crucial to fighting this kind of cyber attack. If the data is backed up, valuable information will be safe and the healthcare organization won’t have to pay to get the info back, which removes the reason a hacker would want to attack the organization in the first place.

The Gold Image Of Configurations And Systems

Along with backing up their data, clinics and healthcare organizations can protect themselves from ransomware by also backing up their systems and configurations. In the industry, this method is called the gold image.

“One solution is to keep a data backup offline while maintaining a gold image,” said Adrian Sanabria, senior analyst, information security, at 451 Research, an information technology research and consulting firm.

A gold image is jargon for an image that an organization can place back on its systems to get things back to normal and running again quickly. A backup will have all your data; a gold image will reset your entire system back to day one.

Healthcare organizations need these strategies to survive and thrive against these cyber attacks.

Come Up With A Plan

While fighting off ransomware, healthcare organizations should know what would happen if a cyber attack breaches their defenses. That way organizations can understand how to prevent that circumstance and stop the attack from ever happening in the first place.

“Healthcare organizations should have good risk assessments and business impact analyses, and should make a list of the systems that would put them in hot water if the systems stopped functioning,” Sanabria said.

Healthcare organizations should have various tiers in their business impact analysis. If a hacker hits Tier Zero, we’re in hot water and cannot go on. Then there is a ladder of tiers from there.

Start by making a list of your crucial systems and figuring out how to deal with ransomware on each system. If a system is crucial to the well-being of the organization, serious protection is needed. However, if the system can be compromised and restored in an hour or less, that’s a different story.

How do you prevent ransomware? This kind of planning is necessary, as hackers are known for hitting hospitals because those organizations usually pay the money.

Hire Great Cybersecurity Experts

In the war against cyberattacks, healthcare organizations would do well to hire external white hat hackers as well as an internal team for protection.

“The help of good cybersecurity companies and using the companies to help pay attention to the best security practices of the day,” said Whitley of the Georgia Center of Innovation for IT.

You need cybersecurity partners that are capable. A solid plan is important, but if you don’t have the right people to conduct an analysis. Some healthcare organizations get two or more companies on board for multiple perspectives.

They also usually know what measures to implement and what bugs to watch out for.

Take Cybersecurity Seriously

Figuring out cybersecurity on top of all the responsibilities you already have can be a chore. But take ransomware protection seriously, and you can avoid the world of hurt other healthcare organizations have had to go through.
