Ransomware
Healthcare's #1 Cybersecurity Threat
What is ransomware?
Ransomware is a type of malware that encrypts all of the files on a device and then presents a message demanding a “ransom” (usually in the form of cryptocurrency like Bitcoin) be paid in the next 24-48 hours in exchange for decrypting your data.
These malicious programs are often designed to spread silently across a network, and some types of ransomware will not activate until all devices on a network are infected.
The ransoms demanded typically range from $10,000 to millions of dollars, depending on the number of devices caught in the attack, and quantity of data encrypted.
If a ransomware victim is not able to restore their computers from “clean” backups (that haven’t been infected), they may lose all of the data stored on their machine, and will have to do a fresh install of their operating system on each and every infected device in order to recover.
What are the chances it could actually impact my clinic?
The healthcare industry is a particular target for ransomware attackers, because the data that is targeted is so sensitive. According to Sophos (a leading cybersecurity research firm), healthcare organizations were targeted almost twice as often in 2024 as they were in 2021. Microsoft’s Security Division reports a 300% increase in ransomware attacks overall since 2015. While these reports focus on US-based healthcare organizations, the reality is that cybersecurity threats do not stop at the border, and as these trends continue, the targets of ransomware will become commensurately smaller. We have already seen examples of primary care clinics in Ontario who were hit with ransomware, which shut down their use of their EMR and phones, and which forced physicians to use paper and fax until their systems could be restored.
A 2019 report from OntarioMD notes that of the 141 instances of fraud reported in 2018 by healthcare organizations to the Canadian Anti-Fraud Centre (CAFC) was ransomware. The same report also goes on to state that it is estimated that only 5% of these types of cases are reported.
There are a variety of factors that lead to the current state of under-reporting of cyberattacks both in Canada and globally; there are reputational costs associated with admitting to a breach publicly, the data exposed may be of a particularly sensitive nature (as it it certainly is in the field of healthcare), and there may be legal risks associated with disclosing the fact that a clinic has had a breach. Whatever the reason, it is an absolute certainty that the rate of successful ransomware attacks happening in Canada is underreported; the question is only by what factor. We must give real consideration and credence to the available data from cybersecurity research organizations: ransomware is becoming more popular year on year for the past decade, and there has been a recent and sustained spike in attacks targeting the healthcare sector in particular. It is not a matter of if your clinic will be exposed to a ransomware threat, but when. Having protective measures in place can help prevent any incidents of exposure turning into a breach that disrupts your clinic’s operations and risks putting patient data at risk of theft.
How can I protect my clinic from ransomware?
Thankfully, there are a number of fairly simple measures you can take to help! Some of these tips can help reduce the chances your clinic will fall victim to a ransomware attack, some will help limit the potential exposure of private patient data, and others can help your clinic recover as quickly as possible after a ransomware attack has occurred. Having all of these in place will help make your clinic’s cybersecurity profile more robust and resilient to not just ransomware, but many kinds of malware attacks.
Back up all of your devices
Ensure that all of your devices are backed up on a daily basis, ideally both in the cloud and locally (for example, on an external hard drive or Networked Attached Storage). This will help guarantee that even if a device is compromised, you will be able to restore it from an uninfected backup rather than be faced with the decision on whether or not to pay the ransomware.
Secure your backups
Even if your clinic already has backups in place, the backups themselves may be at risk of being maliciously encrypted during a ransomware attack if they are directly accessible for modification or deletion. Ensure that the backup system in use does not allow direct file access, which means storing the backups on different devices, or in the cloud (or ideally, in both locations).
Use security software (and keep it up to date!)
Make sure all of your computer devices have their security software systems enabled and kept up to date. Make sure as well that all operating system updates are installed promptly upon release, as those often contain patches for security flaws.
Implement a security awareness program
Provide regular cybersecurity training to all staff so they can avoid social engineering tactics like phishing, water holing, or baiting. Every ransomware attack starts with creating or exploiting an existing security vulnerability, so ensuring staff are vigilant to these vulnerabilities is the most important way to defend your clinic from ransomware attacks.
Learn More
- DTO Technical Bulletin on Ransomware
- Ransomware Resource Website recommended by DTO
- Doctors of BC – Preventing a Breach
- Ontario Privacy Commissioner Case Report on a clinic who suffered a ransomware attack
- CMPA – Cybersecurity threats: Are you prepared?
- Canadian Centre for Cybsecurity Research – Ransomware: How to prevent and recover
We also invite you to learn more about Vancouver Division’s clinic-focussed support offering; the PMH Digitization and Connectivity Program, or contact us directly: concierge@vancouverdivision.com
