Healthcare ransomware has quickly become one of the top cybersecurity concerns for both covered entities and business associates, according to a recent HealthcareIT Security blog post.

Without proper training and a thorough backup plan, organizations could find themselves in trouble should an attack take place.

“Ransomware attacks two or three years ago, coming out of different countries weren’t attacks against people or 10,000 computers at once,” Anderson explained. “It would be on a very individual level, trying to unlock a computer to get the information.”

Critical Points:

  • Covered entities need to have employees at all levels thoroughly educated on ransomware and how they need to react should an incident happen.
  • There must also be a proactive plan in place for what should occur in the wake of a ransomware attack.
  • Outdated IT architectures can also be particularly harmful. A failure to put in necessary patches to protect those systems makes it easier for cyber criminals to get in.
  • End-user training was also highlighted as a key area for healthcare organizations to cover.
  • Response is necessary, and healthcare organizations need to have a recovery plan in place.
  • Working with local and federal authorities is essential.
  • Submitting to ransom demands absolutely bolsters the attackers and they will definitely go after more targets.”