
HHS releases guidance on ransomware attacks

Maybe your healthcare organization has experienced a ransomware attack recently. Well, you certainly are not alone.

Ransomware attackers have mounted roughly 4,000 attacks a day since early 2016. That is a 300% increase over the roughly 1,000 daily ransomware attacks reported in 2015, according to a recent U.S. Government interagency report cited in the HHS guidance. (The figure covers ransomware across all sectors; healthcare is one of the hardest-hit.)

That number is pretty staggering.

The U.S. Department of Health and Human Services (HHS) recently published guidance on ransomware including how to know if your healthcare organization is under attack, how to recover, and how to know if HIPAA has been violated.

In general, HHS says that HIPAA compliance can help covered entities, as well as business associates, not only prevent ransomware attacks but also help them recover.

Some key indicators of a ransomware attack, according to HHS, are:

  • A user realizing that a link that was clicked, a file attachment that was opened or a website that was visited may have been malicious
  • An unexplained increase in central processing unit (CPU) and disk activity, which can be the ransomware encrypting large numbers of files
  • Inability to access certain files as the ransomware encrypts, deletes or renames them
  • Detection of suspicious network communications, such as the malware contacting its command-and-control servers

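The second and third indicators above (unexplained disk activity, files that suddenly cannot be opened) are what an endpoint monitor actually sees: one process rewriting many files in a short time with content that no longer looks like documents. The following detector is an added illustration and is not part of the HHS guidance or this article. It runs over constructed file-write telemetry (not real data) and flags any process that overwrites at least 20 distinct files with high-entropy content within a 10-second window; the thresholds, the process names and the event format are assumptions chosen for the example.

```python
import math
import random
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class WriteEvent:
    """One file write observed on an endpoint (EDR/auditd/Sysmon-style telemetry; assumed format)."""
    ts: float       # seconds since start of capture
    pid: int
    process: str
    path: str
    data: bytes     # first chunk of the bytes written


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4-5, compressed or encrypted data approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def flag_ransomware_like(events, window=10.0, min_files=20, entropy_threshold=7.0):
    """Return {(pid, process): distinct_files} for every process that overwrote at least
    min_files distinct files with high-entropy content inside some window of `window` seconds.
    Thresholds are assumptions to tune per environment, not values from the HHS guidance."""
    by_proc = defaultdict(list)
    for e in events:
        if shannon_entropy(e.data) >= entropy_threshold:
            by_proc[(e.pid, e.process)].append(e)

    flagged = {}
    for key, evs in by_proc.items():
        evs.sort(key=lambda e: e.ts)
        in_window = Counter()   # path -> number of writes currently inside the sliding window
        left = 0
        peak = 0
        for right in range(len(evs)):
            in_window[evs[right].path] += 1
            while evs[right].ts - evs[left].ts > window:
                in_window[evs[left].path] -= 1
                if in_window[evs[left].path] == 0:
                    del in_window[evs[left].path]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_files:
            flagged[key] = peak
    return flagged


def sample_events():
    """Constructed telemetry, not real data: a word processor saving a few documents,
    an indexer rewriting many small low-entropy files (busy but benign), and a
    ransomware-like process overwriting 25 documents with pseudo-random bytes
    (a stand-in for ciphertext)."""
    rng = random.Random(2016)
    text = b"Patient visit summary. Follow up in two weeks. " * 20
    events = []
    for i in range(3):
        events.append(WriteEvent(1.0 + i, 4120, "winword.exe", f"C:/Users/dr/Docs/note{i}.docx", text))
    for i in range(30):
        events.append(WriteEvent(2.0 + i * 0.1, 900, "indexer.exe", f"C:/ProgramData/idx/{i}.dat", text))
    for i in range(25):
        ciphertext = bytes(rng.getrandbits(8) for _ in range(1024))
        events.append(WriteEvent(5.0 + i * 0.2, 6666, "updater.exe",
                                 f"C:/Users/dr/Docs/record{i}.docx", ciphertext))
    return events


if __name__ == "__main__":
    for (pid, name), n in flag_ransomware_like(sample_events()).items():
        print(f"ALERT pid={pid} {name}: {n} files overwritten with high-entropy data")
```

Note that the indexer is not flagged even though it writes more files than the ransomware-like process: the entropy check is what separates "busy" from "encrypting". The same check produces false positives for legitimate compressors, backup agents and disk-encryption tools, so in practice the alert is combined with an allow-list of known processes and with the other indicators HHS lists, such as unexpected outbound connections.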
HHS recommends that if an entity believes a ransomware attack is underway, it should immediately activate its security incident response plan, which should include determining the scope and origination of the attack, whether the attack is finished, and how the attack occurred.

Once these initial steps have been taken, HHS recommends that a covered entity then work to contain the impact and propagation of the ransomware, and then eradicate the ransomware.

Once this is done, the covered entity should mitigate the vulnerabilities that allowed the attack, restore the data lost in the attack from backups in order to recover, and then conduct post-incident activities. These should incorporate deeper analysis of the evidence to determine whether the entity has any regulatory, contractual or other obligations as a result of the attack.

Lysa Myers, security researcher at cybersecurity firm ESET North America, said in an email that generally the guidance from HHS was good. However, “I would like to see a bit more about specific techniques and tactics to prevent malware, such as: patch or update software regularly, show hidden file-extensions, and block executable files sent in email,” she said.
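Two of the measures Myers lists, showing hidden file extensions and blocking executable attachments, address the same trick: with Windows hiding extensions for known file types, an attachment named invoice.pdf.exe is displayed as invoice.pdf. The screening check below is an added illustration, not code from HHS, ESET or this article. It judges an attachment by every extension in its name and by the leading bytes of its content, so a renamed executable is caught even when the extension looks harmless; the extension list and the constructed sample attachments are assumptions for the example.

```python
# Extensions Windows will execute directly when double-clicked (assumed block list; extend per site policy).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".dll",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1",
}

# Leading bytes of common executable formats; renaming a file does not change them.
MAGIC_NUMBERS = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
}


def suffixes(filename):
    """All extensions of a name, lower-cased and in order: 'Invoice.PDF.exe' -> ['.pdf', '.exe']."""
    basename = filename.replace("\\", "/").rsplit("/", 1)[-1]
    parts = basename.lower().split(".")
    return ["." + p for p in parts[1:] if p]


def screen_attachment(filename, data):
    """Return ('block' | 'allow', reasons) for one attachment, using both name and content."""
    reasons = []
    exts = suffixes(filename)
    if exts and exts[-1] in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {exts[-1]}")
        if len(exts) > 1:
            # What a user with 'hide extensions for known file types' enabled would see.
            displayed = filename[: -len(exts[-1])]
            reasons.append(f"double extension; displays as '{displayed}' when extensions are hidden")
    for magic, kind in MAGIC_NUMBERS.items():
        if data.startswith(magic):
            reasons.append(f"{kind} by content")
            break
    return ("block" if reasons else "allow"), reasons


def sample_attachments():
    """Constructed attachments (name, first bytes), not real mail: a PDF, a disguised
    executable, an executable renamed to look like a photo, a plain executable, a text note."""
    return [
        ("report.pdf", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"),
        ("invoice.pdf.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
        ("photo.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),
        ("SETUP.EXE", b"MZ\x90\x00\x03\x00\x00\x00"),
        ("notes.txt", b"Call the lab about the results.\n"),
    ]


def screen_all(attachments):
    """Map filename -> verdict for a batch of attachments."""
    return {name: screen_attachment(name, data)[0] for name, data in attachments}


if __name__ == "__main__":
    for name, data in sample_attachments():
        verdict, reasons = screen_attachment(name, data)
        print(f"{verdict:5} {name:18} {'; '.join(reasons)}")
```

The content check is what makes the gateway rule robust: photo.jpg passes an extension-only filter, but its MZ header says it is a Windows executable. Conversely, a mail filter that relies only on magic bytes misses script attachments (.js, .vbs, .hta), which is why both checks are applied. Archives that wrap an executable would need the same checks applied to each member, which this example leaves out.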

(SearchHealthIT contributor Reda Chouffani, in a recent story, details ten ways to stop and avoid a ransomware attack.)

Meanwhile, Myers said the government guidance will, without being an unnecessary burden, help healthcare organizations better protect themselves against ransomware and malware, and against many other types of breaches as well.

“By adding additional techniques like encrypting sensitive data when it’s stored or when it’s sent via the Internet, and using multi-factor authentication, they can significantly impact their level of risk,” Myers said.