Del Williams

With ransomware attacks on long-term care facilities increasing, managers are asking, “Are we vulnerable too?” or even “Are we next?”  

According to the Milwaukee Journal Sentinel, IT support company Virtual Care Provider Inc. was attacked by Russian hackers, affecting 80,000 computers and 110 nursing homes. Russian hackers used phishing emails on employees over 14 months to infect the company’s computers, gain access to its network and locate vulnerabilities. Later they gained control of administrators’ accounts, stealing their data. 

Providers encountered difficulties paying employees, ordering medications, accessing patient records and using the internet following the breach. According to the report, the hackers asked Virtual Care to pay a $14 million ransom to retrieve its data, but the company couldn’t afford it.

In another example, Lorien Health Services, a Maryland long-term care operator with nine locations, reported that data from 47,754 residents was stolen and encrypted by the ransomware strain NetWalker. When Lorien declined to pay the ransom, the attackers released screenshots of stolen data.

Today, long-term care facilities are all at risk.  The cost to facilities of paying a ransom, recapturing or rebuilding data, replacing compromised hardware and paying fines is escalating.  This is leading to accelerated premium increases and demands from insurance underwriters for long-term care facilities to prove they are doing more to protect their IT networks, hardware and data before providing quotes or extending policies.

According to the U.S. Cybersecurity & Infrastructure Security Agency (CISA), “Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”

Although there are various measures that healthcare businesses can take to reduce the risk of becoming a ransomware victim – which can involve a loss of data and production for an indefinite period until resolved – managers shaken by the scope of the problem are increasingly turning to expert third-party cybersecurity firms for guidance and protection.

Any facility a potential victim

Global ransomware damage costs are predicted to hit $20 billion in 2021, up from just $325 million in 2015, according to the Cisco/Cybersecurity Ventures 2019 Cybersecurity Almanac.

Cybersecurity Ventures, a leading researcher and trusted source for cybersecurity facts, expects businesses will fall victim to a ransomware attack every 11 seconds in 2021.

In the battle against ransomware, the challenge is that essentially any long-term care facility or healthcare business with older PCs, networks, firewalls or operating systems is vulnerable, particularly those that do not immediately update to the latest software to “patch” security issues, according to Yuriy Tatarintsev, manager of technical operations at BTI Communications Group, an IT cybersecurity and technology convergence provider.

Safeguarding facilities of all sizes

While keeping the entire healthcare business’s IT infrastructure and software fully up to date is the goal, even one PC running an older, unsupported version of Windows, for instance, can be “a chink in the defensive armor that invites intrusion,” states Tatarintsev.  

The fight against ransomware begins with having a companywide process to ensure that all machines are patched with the latest security updates from Microsoft and other applications as soon as they are released.

Next, defending critical healthcare business processes from attack goes beyond simple anti-virus protection that solely reacts to known threats and leaves operations vulnerable to yet unidentified risks.

“We recommend a new generation of advanced antivirus software that does not always depend on identifying known threats or ‘signatures.’ Instead, such software uses artificial intelligence to analyze which PC programs and processes are affected and, as soon as malicious activity is detected, stops it,” explains Tatarintsev. 

According to Tatarintsev, email security is also of critical importance today because insufficient precaution in this area is perhaps the leading cause of companies getting ensnared in ransomware.

“Statistically, most healthcare companies acquire ransomware when an employee receives a suspicious email that seems legitimate and clicks on an embedded link.  This starts the ransomware attack, which then spreads throughout the company network,” says Tatarintsev.

To protect against this hazard, Tatarintsev recommends that healthcare businesses use advanced email spam protection tools that can filter out all potentially malicious emails and stop users from clicking on suspicious links.

Since deceptive “phishing” emails designed to start a ransomware attack can appear so similar to authentic emails, Tatarintsev advises that all healthcare employees receive periodic security awareness training.  This teaches employees how to distinguish the latest potentially dangerous emails and sends safe, simulated phishing emails to test their responses on an as-needed basis.  Employees who fail the test are given additional training, so they will not compromise the business when an actual assault occurs.

If all these defenses fail and ransomware does infect a healthcare company’s IT network, a reliable backup system should be in place that can quickly restore all critical data.

Some data will be lost, depending on the frequency of backup. Unless these are virtually continuous, a day or even a week or more of current data could be lost. Moreover, care must be taken as to how data is transferred and saved, so ransomware does not have access to storage sites connected to company networks.

While long-term care facilities can attempt to fight the growing scourge of ransomware in-house, most IT departments do not have the time, resources, or expertise available to deter the constantly evolving threat on a 24/7 basis.

As an alternative, an increasing number of healthcare businesses are cost-effectively protecting against ransomware by outsourcing to professional, third-party firms that remotely and continually provide layers of protection with a comprehensive, integrated IT approach.  

This strategy can continually deter and detect threats as well as resolve vulnerabilities.  Additionally, this eliminates the need to dedicate internal IT staff to these types of tasks.  It also minimizes potential loss and even liability if serious harm were caused by disrupted company services.

The first and primary goal of a third-party integrated IT service is to deliver the foremost level of technical quality that can be delivered reliably for a client’s budget.  

For this reason, only carefully selected software tools and technical solutions should be utilized to ensure its clients are always operating in a high-performance, reliable, and secure IT environment.   

With the menace of ransomware continuing to escalate, long-term care facilities of all sizes would be wise to examine options for deterring the threat before being victimized.

Del Williams is a technical writer based in Torrance, CA. 

The opinions expressed in McKnight’s Long-Term Care News guest submissions are the author’s and are not necessarily those of McKnight’s Long-Term Care News or its editors.