The case studies in this presentation are real life examples of ransomware attacks on health care organizations, and are intended to help physicians respond appropriately for when this type of cyber crime occurs.
2. 2.
about
In a ransomware attack, your data
is held ransom. Cyber criminals
use software (ransomware) to take
control of and encrypt the data on
your network. The criminals then
threaten to destroy the data unless
you pay a ransom.
ABOUT
RANSOMWARE
ATTACKS
Health care professionals
are now the preferred targets
of these attacks.
3. 3.
case study 1
CASE STUDY 1
A practice manager for a small group opened an email attachment
and immediately noticed that she could no longer open any files on her
computer. She received a pop-up alert with a ransom demand.
IT staff investigated and found that because several months had passed
since the last system back up, their patient data was irretrievable. The
group reluctantly paid the ransom.
4. 4.
case study 1
CASE STUDY 1
(continued)
Three weeks later, the employee received another
ransomware notice. Again it was decided to pay the ransom,
which had doubled.
Prompted by the second attack, the group revised its process
to make sure current back ups would always be available.
They also added more layers of cyber security and trained
staff on how to avoid phishing emails.
5. Traditional IT security includes ๏ฌrewalls and antivirus software, but
these tools may no longer provide enough protection. Learn about data
protection and privacy issues and teach staff about what to avoid.
CASE STUDY 1
(continued)
5.
case study 1
6. 6.
case study 2
CASE STUDY 2
A medium-sized medical practice was unable to access their legacy
practice management system. When IT was called, they found a ransom
demand on the server.
IT staff took down the network to prevent the spread of the ransomware.
A new server was restored from backup. Within two days, the practice
was functioning normally.
7. 7.
case study 2
CASE STUDY 2
(continued)
Conducting frequent backups and ensuring the ability to
recover data is crucial to recovering from a ransomware
attack. Restorations should be tested regularly.
8. 8.
case study 3
CASE STUDY 3
A physicianโs staff returned from lunch to find their network encrypted,
along with a ransom demand. Patientsโ protected health information had
been breached, and 30,000 patients were notified.
Before this incident, the physician believed that his practice was too
small to be hacked, insisting โwho would want my data?โ The practice
has now invested heavily in new IT, cyber risk management, and cyber
security services.
9. Physicians and employees are the greatest vulnerability when it comes
to ransomware attacks. Simply clicking on a link, opening an attachment
or using weak or infrequently changed passwords can be the beginning
of a long and costly process.
CASE STUDY 3
(continued)
9.
case study 3
10. PROTECTION FOR A
NEW ERA OF MEDICINE
ABOUT TMLT:
With more than 20,000 health care professionals in its care, Texas Medical
Liability Trust (TMLT) provides malpractice insurance and related products
to physicians. Our purpose is to make a positive impact on the quality of
health care for patients by educating, protecting, and defending physicians.
www.tmlt.org
Find us on: