There's some good news and bad news to report on the health care front as it pertains to equipment use. The bad news is that malware attacks are on the rise. The good news is that the U.S. government is aware of it and is arming hospitals and medical facilities with some tips to avoid downloading malicious software or visiting harmful websites.
The U.S. Department of Health and Human Services recently released a caution and warning to all health care facilities around the country, urging them to be more vigilant about online cyberthreats that can take over entire networks if employees click on links or enter them into web address bars. It's called ransomware, and as its name suggests, it works by preventing online users from accessing data and websites through encryption unless they pay a fee. However, even if the ransom is met, there's no guarantee that the hacker will provide the decryption information to free up what's been frozen.
HHS isn't the only government organizations that's warned businesses and consumers about this emerging cyberthreat. The FBI has issued similar alerts.
"Ransomware has been around for a few years, but during 2015, law enforcement saw an increase in these types of cyberattacks, particularly against organizations because the payoffs are higher," the FBI said in a statement. "And if the first three months of this year are any indication, the number of ransomware incidents – and the ensuing damage they cause – will grow even more in 2016 if individuals and organizations don't prepare for these attacks in advance."
Health care facilities possess highly sensitive material and the assurance of their security is especially crucial today, given privacy laws related to the Health Insurance Portability and Accountability Act.
The following are a few ways HHS urges health care organizations to protect against ransomware and other online viruses:
Implement a security management plan
For health records to remain private, a security plan is paramount. The process should include means testing through risk analysis, which can identify any threats that may result in the theft of electronic data where vulnerabilities exist.
Train staff to identify ransomware
Ransomware work by essentially hiding in plain sight. In other words, internet addresses may seem like legitimate websites but in reality are malicious. Staff members should be up to date on classic signs suggesting links may be malware-related. Textbook indications are misspellings or links sent from unfamiliar email domains. Staff should also know what computer performance symptoms are indicative malware has been downloaded, like a sudden inability to access files or relocated data.
Attacks should be reported immediately
Each malware attack is unique, but in virtually every instance, it's crucial to act quickly to overcome the virus. Users who think they may have fallen victim should inform their superiors so that emergency response planning can be implemented. Health care facilities that fall under the HIPAA banner are required to develop this kind of planning. Further information on this can be found at the U.S. Department of Commerce website.
Equipment and healthcare industry piece brought to you by Marlin Equipment Finance, a nationwide provider of commercial lending solutions for small and mid-size businesses. Marlin's equipment financing and loan products are offered directly to businesses, and through third party vendor programs, which include manufacturers, distributors, independent dealers and brokers in the security, food services, healthcare, information technology, office technology and telecommunications sectors.