Questions and answers about ransomware

Unless you’ve been living under a rock or on a remote island, you know that ransomware has become part of everyday life on this planet. Not a day goes by that there isn’t news of some major company or organization that has been a victim of an attack. With so much discussion about ransomware, we should take a step back to understand what it is and why it matters.

What exactly is ransomware?

Ransomware is pretty much what the name implies. It is a class of malware (viruses) that, once it attacks your computers, can lock your critical files and demand that a ransom be paid to receive the unlock key. The ransom can range from a few thousand dollars to many millions of dollars; it’s often related to the size of the business being attacked and its ability to pay the ransom. If the files are locked, you are prevented from accessing any of them without a decryption key.

How does my system get infected with ransomware?

There are many ways your system can be infected. The most common is when you or a staff member clicks on an email that contains the ransomware virus. The email can be a link or an attachment. Some malicious websites have ransomware that can infect your systems just by visiting the site. Many other viruses can spread because of vulnerabilities in the Windows operating system.

Is ransomware a big deal?

In a word, yes! Forget for a moment that having your files locked would disrupt your day (or days) completely. If you are hit with a ransomware virus, you must declare a breach, according to a memo from the Office for Civil Rights on July 12, 2016. The Breach Notification Rule is quite clear: You must notify all your patients in writing, notify the local news media, and have your practice listed on the Department of Health and Human Services Wall of Shame website. It would be devastating for any practice to have to do this.

Can I protect myself against ransomware?

Absolutely. Good antimalware software is a must, but I also suggest investing in ransomware-specific products such as Intercept X (Sophos) or HitmanPro (Sophos). A newer technology, application whitelisting, prevents any unapproved software from running. You should have your systems updated on a regular basis; this is called patch management and is required by the Health Insurance Portability and Accountability Act (HIPAA). You also need to take time to educate yourself and your staff to recognize malicious emails and websites and learn what to avoid.

Should I pay the ransom if my system gets infected?

This is a tough question to answer. The offices we support all have encrypted backups, and in most cases, we can restore from a backup. Of course, steps would need to be taken to remove the virus from your network before doing this.

If you don’t have a good backup, your options are more limited. In many instances, paying the ransom will get you the unlock key. The criminals who do this realize that if they didn’t provide the keys, people would eventually stop paying. However, we have seen a few cases where the money was paid and no key was provided, or if it was, it didn’t work to restore all the files.

Also be aware that you can’t send these people a check or pay with a credit card. They will require that you use a digital currency, such as Bitcoin, which is anonymous and difficult to trace back to an individual owner.

What should I do at this point?

Review your security systems in place. HIPAA demands that you do a formal risk assessment and develop a management plan, and there’s no time like the present to start. Evaluate your firewalls, antimalware software, backups, and disaster recovery systems in place, as well as your system for patching your software. Protect yourself now before it’s too late!

Lorne Lavine, DMD is the founder and president of The Digital Dentist, a company in California that focuses on the specialized technological and HIPAA needs of the dental community. He has more than 30 years invested in the dental and dental technology fields.