MC Hammer’s song title “U Can’t Touch This” comes to mind when I think about ill-doers wanting to steal data and demanding that we pay in order to retrieve and access our own data files!

The Cybersecurity and Infrastructure Security Agency (CISA) defines ransomware as “a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.”[i] Ransomware can be a shattering experience for any person or business. When faced with ransomware, we don’t realize that the loss of efficiencies, the damage to a good company’s reputation when its name lands in the headlines, the amount of destroyed equipment, and the investigation, corrective action, and legal expenses can be catastrophic. Ransomware compromises, and in fact prevents, our access to the data saved to a computer system or server, and the process of regaining access to that information, not to mention the cost, is burdensome. In many cases, a recovery specialist may be required to recover data. There is no guarantee that we will recover our data files, even if the ransom is paid. Ransomware attacks pose a serious threat to HIPAA. In the Fall 2019 Cybersecurity Newsletter, the Office for Civil Rights (OCR) reported that the FBI estimates that ransomware infects more than 100,000 computers a day around the world and that ransomware payments approach $1 billion annually.[ii]

How should we protect ourselves? According to the US Government Interagency Technical Guidance Document, some preventive measures include, but are not limited to:

  • Implement an awareness and training program;
  • Enable strong spam filters;
  • Scan all incoming and outgoing emails to detect threats;
  • Configure firewalls to block access;
  • Patch operating systems, software and firmware on devices;
  • Set anti-virus and anti-malware programs to conduct regular scans automatically;
  • Manage the use of privileged accounts based on the principle of least privilege;
  • Configure access controls;
  • Disable macro scripts;
  • Implement software restriction policies;
  • Consider disabling remote desktop protocol if it is not being used;
  • Use application whitelisting.

What should we do if we are infected with ransomware? Remove the infected computer immediately from the network; power off the affected device; contact law enforcement immediately (local FBI field office or U.S. Secret Service); collect and secure partial portions of the ransomed data that might exist; change all online account passwords and network passwords after removing the device from the network; and delete registry values and files to stop the program from loading.[iii]

Pay attention to the emails you receive, especially who the sender is. Look closely at the email address. If it looks strange to you, or there are many typos or grammatical errors in the subject line or in the email preview window, chances are you are at risk of being attacked. Don’t touch that email! Report it immediately to your IT department.

 

Gina Tomcsik

Director of Compliance and Regulatory Strategy

[i] The Cybersecurity and Infrastructure Security Agency (CISA)
[ii] HHS.gov OCR Cybersecurity Newsletter
[iii] HHS.gov OCR Cybersecurity Newsletter