Federal Trade Commissioner provides guidance on how to defend against Ransomware…
November 13, 2016 |
Ransomware is a chronic problem, particularly in the health sector which is reliant on very sensitive records, including those of patients, and in a work environment which has a high turnover of staff and generally a poor privacy culture. Ransomware is almost invariably delivered by email sent to a user of the system who has rudimentary or no knowledge of basic cyber security.
Yesterday a dermatology clinic in San Antonio advised was attacked in September stating:
On or around September 12, 2016, Seguin Dermatology, the office of Robert J. Magnon, M.D., suffered a ransomware attack. The ransomware attack resulted in its server being encrypted. Seguin Dermatology was able to remove the ransomware from its server. Subsequently, a forensic examination of the affected server was performed. On or around October 26, 2016, it was concluded that there was a high likelihood that protected health information (PHI) was accessed. Also, it could not be ruled out that confidential information may have been removed from the server. The server did not contain medical records, laboratory reports, credit card information or bank account information. However, the server did contain demographic information to include patient names, addresses, telephone numbers, and dates of birth; insurance billing information; and Current Procedural Technology (CPT) codes. Some patients also had their Social Security Number on the server.
Seguin Dermatology takes the security of PHI very seriously. We immediately contacted an IT company, had the ransomware removed from the server, and investigated whether patient information was affected. Upon learning the results of the forensic investigation, we immediately took steps to notify all affected patients. To prevent this from happening again, we are conducting a review of our physical and computer security, reassessing our office’s policies and procedures, and performing staff training. We continue to monitor the situation and will notify you as necessary.
We have arranged with Equifax Personal Solutions to help protect the identity and credit information of patients who had their Social Security Number affected. Please call (844) 512-9013 Monday through Friday from 9:00 AM to 9:00 PM Eastern Standard Time to determine whether you were affected. Also, if any patient has questions, you can call this same number to speak with a customer service representative about the incident.
Patients also can place a fraud alert on their credit files with the three major credit reporting agencies. A fraud alert is a consumer statement added to one’s credit report. The fraud alert signals creditors to take additional steps to verify one’s identity prior to granting credit. This service can make it more difficult for someone to get credit in one’s name, though it may also delay one’s ability to obtain credit while the agency verifies identity. Patients can contact the three main credit reporting agencies at:
Equifax 1-800-525-6285 www.fraudalerts.equifax.com
Experian 1-888-397-3742 www.experian.com
TransUnion 1-800-680-7289 www.transunion.com
We deeply regret any inconvenience this incident may have caused. If patients have questions, please call (844) 512-9013 Monday through Friday from 9:00 AM to 9:00 PM Eastern Standard Time.
This received coverage in the San Antonio Express News with Ransomware attack targets Seguin dermatology practice. In October a Children’s clinic suffered a ransomware attack requiring notification of 33,368 patients.
Why undertake ransomware attacks. Money. CSO reports that a single ransomware author netted $94 million in ransomware payments in the first half of this year. That figure is based on a McAfee Threats Report released in September 2016.
In that context it is not surprising that the FTC has issued guidance on how to defend against ransomware, providing:
How can I defend against ransomware?
- Update your software. Use anti-virus software and keep it up-to-date. And set your operating system, web browser, and security software to update automatically on your computer. On mobile devices, you may have to do it manually. If your software is out-of-date, it’s easier for criminals to sneak bad stuff onto your device.
- Think twice before clicking on links or downloading attachments and apps. According to one panelist, 91% of ransomware is downloaded through phishing emails. You also can get ransomware from visiting a compromised site or through malicious online ads.
- Back up your important files. From tax forms to family photos, make it part of your routine to back up files on your computers and mobile devices often. When you’re done, log out of the cloud and unplug external hard drives so hackers can’t encrypt and lock your back-ups, too.
What if I’m a victim of ransomware?
- Contain the attack. Disconnect infected devices from your network to keep ransomware from spreading.
- Restore your computer. If you’ve backed up your files, and removed any malware, you may be able to restore your computer. Follow the instructions from your operating system to re-boot your computer, if possible.
- Contact law enforcement. Report ransomware attacks to the Internet Crime Complaint Center or an FBI field office. Include any contact information (like the criminals’ email address) or payment information (like a Bitcoin wallet number). This may help with investigations.
Should I pay the ransom?
Law enforcement doesn’t recommend paying the ransom, although it’s up to you to determine whether the risks and costs of paying are worth the possibility of getting your files back. If you pay the ransom, there’s no guarantee you’ll get your files back. In fact, agreeing to pay signals to criminals that you haven’t backed up your files. Knowing this, they may increase the ransom price — and may delete or deny access to your files anyway. Even if you do get your files back, they may be corrupted. And you might be a target for other scams.
[…] Federal Trade Commissioner provides guidance on how to defend against Ransomware… […]