Avoiding a Ransomware Attack

Technological advances have made it easier for patients to access their health information. From a patient-rights perspective, this is good news. However, the bad news is these same advances have enabled cybercriminals to conduct ransomware attacks on healthcare professionals' computer systems, putting private patient health information (PHI) at risk.


Ransomware attacks typically begin when a cybercriminal sends a healthcare professional an eye-catching email containing a link or a malicious attachment. Once the user clicks the link and downloads or opens the attachment, the malware encrypts the computer’s files and locks the user out. A “ransom note” then appears on the screen, demanding payment in exchange for the decryption key that unlocks the data.

Since early 2016, there have been an average of 4,000 daily ransomware attacks, a 300 percent increase over the 1,000 daily attacks reported in 2015.[1] An estimated half a billion dollars has been paid in ransoms, usually in bitcoin (a digital payment system in which transactions take place directly between users, without an intermediary). In February 2016, Hollywood Presbyterian Medical Center in California revealed that it had paid hackers a ransom in bitcoin equivalent to $17,000.[2]

Here are tips to avoid a ransomware attack (or at least minimize its damage if an attack is in process or has occurred):

  1. Back up your most important files regularly and periodically review the backups to ensure their integrity and completeness. Some forms of ransomware will remove, encrypt or disrupt backups, even those in the cloud. Consider keeping backups offline, disconnected from any network.
  2. Personalize your anti-spam settings. Configure your webmail server to block dubious attachments with extensions like .exe, .vbs or .scr.
  3. Refrain from opening attachments that look suspicious. Phishing emails may masquerade as notifications from a delivery service, an e-commerce resource, a law enforcement agency or a banking institution.
  4. Think twice before clicking. Dangerous hyperlinks can come through social networks or instant messages. Senders may be using hacked accounts to appear as people you trust, including friends or colleagues.
  5. Keep your operating system and software up to date to help prevent a compromise. This includes antivirus, browsers, Adobe Flash Player and Java.
  6. Instantly turn off the internet connection if you spot a suspicious program or application running on your computer. This may stop the ransomware from completing the encryption routine.
  7. Keep the Windows firewall turned on and properly configured. Enhance your protection by setting up additional firewall protection. Third-party security suites are available that enhance the security already built into Windows.
  8. Adjust your security software to scan compressed or archived files.
  9. Use strong passwords that cannot be easily guessed by remote criminals. Set up unique passwords for different accounts and change them on a regular basis, at least twice yearly. Combinations of letters, numbers and special characters are recommended.
  10. Deactivate auto play so harmful processes won’t be automatically launched from external media, such as USB memory sticks or other drives.
  11. Disable file sharing to keep any ransomware infection isolated to your machine.
  12. Switch off unused wireless connections, such as Bluetooth or infrared ports. Bluetooth has been exploited to stealthily compromise systems. Use wired keyboards to prevent electronic eavesdropping.
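As an added example (not code from the original article), here is a small Python filter that applies tips 2 and 8 together: it inspects an email’s attachments for the blocked extensions and, for zip archives, the filenames inside the archive, which is where phishing kits commonly hide an executable. The sample message, the extra extensions beyond .exe/.vbs/.scr, and the choice to quarantine unreadable archives are assumptions of this example.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions the article says to block at the mail gateway (tip 2), plus a few
# other executable types; extending this list is an assumption of this example.
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr", ".js", ".bat", ".cmd", ".ps1"}
ARCHIVE_EXTENSIONS = {".zip"}

def _ext(name):
    # Lower-case extension of a filename, or "" if it has none.
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""

def risky_attachments(raw_message):
    """Return attachment names that should be quarantined before delivery.

    Checks each attachment's filename (tip 2) and, for zip archives, the
    names of the files inside the archive as well (tip 8).
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if _ext(name) in BLOCKED_EXTENSIONS:
            flagged.append(name)
        elif _ext(name) in ARCHIVE_EXTENSIONS:
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    flagged.extend(f"{name}:{m}" for m in zf.namelist()
                                   if _ext(m) in BLOCKED_EXTENSIONS)
            except zipfile.BadZipFile:
                flagged.append(name)  # unreadable archive: treat as suspicious
    return flagged

def build_sample_message():
    """Constructed sample: a harmless PDF, a .scr, and a zip hiding an .exe."""
    msg = EmailMessage()
    msg["Subject"] = "Your delivery notification"
    msg.set_content("Your package could not be delivered. See attached.")
    msg.add_attachment(b"%PDF-1.4 ...", maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ...", maintype="application", subtype="octet-stream", filename="photo.scr")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2016.pdf.exe", b"MZ...")  # double-extension disguise
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="docs.zip")
    return msg.as_bytes()
```

Running `risky_attachments(build_sample_message())` flags the .scr and the executable inside the zip while leaving the PDF alone; a mail gateway would quarantine the message rather than deliver it.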

Maintaining Awareness is Critical

At times, it can seem difficult to stay up to date with the latest cybercrimes, let alone understand which cyber risks are relevant to you. According to information technology experts, the next generation of ransomware includes the threat of leaking the information if payment isn’t made, so clearly this issue is not going away.

Nonetheless, it is incumbent on you to protect your patients’ PHI and other important practice data. This makes it essential that you remain vigilant and educated about possible ransomware risks.

[1] United States Government Interagency Guidance Document, How to Protect Your Networks from Ransomware, available at https://www.justice.gov/criminal-ccips/file/872771/download

[2] Ransomware takes millions, baffles law enforcement, available at http://thehill.com/policy/cybersecurity/270097-ransomware-takes-millions-baffles-law-enforcement


The information in the NCMIC Learning Center is offered solely for general information and educational purposes. It is not offered as, nor does it represent, legal or professional advice. Neither does this information constitute a guideline, practice parameter or standard of care. You should not act or rely upon this information without seeking the advice of an attorney familiar with the specific legal requirements of the state(s) in which you practice. If there is a discrepancy between the site and an insurance policy you have with NCMIC, the policy will prevail.