Requests for ransom in the medical field

Health organizations are aware of the ubiquitous hacking threats to their information systems. These threats put their compliance efforts and their reputation at stake.

Ransom demands are changing the way health care organizations deal with security. For years, the best security professionals have fought against theft of data for the benefit of an organization, against theft of unprotected laptops, and against espionage of employees’ health records. The main incentive for protection was financial sanctions and corrective action plans.

A ransom attack is different. The information remains in the provider’s system but becomes inaccessible, locked up until the provider makes a financial payment to release it, or supposedly release it. This scenario seemed impossible until events showed it to be a real practice. The technique of hacking for ransom is widely available and inexpensive to implement. Cyber criminals have no incentive to stop. The cost of hacking and infecting computers is low, although only 10 percent of victims end up paying the ransom.

The damage caused by ransom attacks is first of all financial. The attacks also harm the reputation of the institution and undermine patient trust. With this threat to health data, organizations need to put specific contingency plans in place. Do they have to pay the ransom to retrieve their data? What certainty can they have about how such swindlers will behave? Some hospitals paid the ransom in bitcoins after trying to negotiate for ten days. Others also paid, but did not get anything in return.

Health organizations must prioritize risk management and follow core practices. The best solution is to use good backup policies, firewalls with virus detection, and a high level of employee security training. The number of data points must be reduced so that monitoring can be carried out more effectively. Software has been developed to eliminate malware by moving it into a virtual machine that looks exactly like a user's computer.

Proactive security will always be less costly than reactive security.




© 2015 Strategies Telecoms & Multimedia