How to Prevent Ransomware in Healthcare + Checklist

It’s every business’s worst nightmare.

Imagine coming into work just like every other day and turning on your computer. Instead of seeing your personalized background, you’re greeted by a new background saying your network and its connected computers have been infected with ransomware. 

What now? 

The simple answer - call your IT provider, sit back, and wait weeks – or worse, possibly months – before getting back to a “normal” work routine. Unfortunately, in healthcare, that isn’t really an option; time is not a luxury. 

While there is no way to be immune to ransomware in healthcare, there are safeguards you can take to avoid getting infected. 

[CHECKLIST] How to Prevent Ransomware in Healthcare

Nothing stops a healthcare system’s operations quite like falling victim to a cyberattack, especially ransomware. 

To minimize the chances of this happening to your healthcare system’s network, follow this checklist of  some must-have procedures you should implement immediately:

1. Keep everything up-to-date
2. Follow best practices for security
3. Have a routine backup
4. Continued employee training
5. Have strong passwords / 2 factor authentication
6. Have a disaster recovery plan

1. Keep Everything Up-to-date

Yes, you’re probably thinking, “Another update? How long will this one take?” 

Big companies such as Microsoft, and Apple have some of the strictest security requirements there are. Both tech giants regularly push out security updates to ensure their users’ devices – both the hardware and software – are up-to-date on their security patches. 

Let’s take a look at both components:

Hardware

Hardware is the physical components of your network. It would include things such as:

• Computers
• Servers
• Access points 
• Switches

Hardware updates typically come from its manufacturer. Unfortunately, not all hardware has automatic updates, let alone successful updates. Scheduling time each week to manually check that your updates have successfully gone in, is critical to ensuring that you have the latest security patches throughout your network. 

Software

Typically, software is the bread and butter to your operation. It’s what keeps all your electronic medical charts accessible at the touch of a button or your computers functioning. However, your Electronic Health Record (EHR) program isn’t the only piece of software your business uses (at least it shouldn’t be). 

Some software that should be kept up-to-date are:

• EHR platform(s)
• Intrusion detection
• Antivirus
• Email services

Just like with hardware, software companies routinely push out security updates that patch any gap in your software that have been exploited by cybercriminals. 

2. Follow Best Practices for Security

Next to keeping your network components up-to-date, adopting cyber and data security  best practices can help your business stay ahead of the cybersecurity curve:

• Having a business-grade firewall
• Installing an antivirus/intrusion detection software
• Implementing strict security policies for employees

3. Have a Routine Backup

Data backups are essential to your business’s day to day operation. They’re even more important when it comes to ransomware. Having a backup won’t prevent ransomware. But by having a backup you’re able to restore your files much quicker, allowing you to get back to business as usual.

Backups have far too many styles to list, so if you’re curious about which backup is right for your business, give us a call to schedule a free consultation! 

4. Continued Employee Training

Human error is the most common cybersecurity threat we face each day. All it takes is for one small mistake to open your network’s door wide to a ransomware attack.

Keeping your employees engaged and knowledgeable with the latest cybersecurity trends will help to minimize your chances of getting attacked.

With companies like KnowBe4, you no longer have to be an IT guru to conduct your own training. Partnering with a cybersecurity company gives you and your employees access to hundreds of different learning modules. 

Further Reading: Cybersecurity in the Workplace: Avoid These 5 Things  

5. Have Strong Passwords & 2-Factor Authentication

This one goes without saying, but every single password is critical to a business. With large scale attacks such as the one on the Colonial Pipeline being a result of weak passwords, this section needs some extra attention. 

Typical password requirements are:

• At least 8 characters long
• Contains 1 capital letter
• Contains 1 special character

In addition to a heightened level of complexity, having 2-Factor Authentication (2FA) on your passwords is a must-have. When logging in, 2FA sends a unique code to a personal device (cell phone, another email, or app) that must be entered before gaining access to the account. 

6. Have a Disaster Recovery Plan

Having a disaster recovery plan should be the first thing you do with your IT provider.

Disaster recovery plans are designed to assign teams and personnel to certain tasks following a cyberattack. Although it seems like a disaster recovery plan is specific to the aftermath, it also allows you to find gaps and vulnerabilities within your company beforehand. 

Resource: Designing a disaster recovery plan can be rather tedious, so we took the guesswork out for you. Check out our Disaster Recovery for Small Businesses here!

Staying Safe Against Ransomware

Keeping your business safe isn’t something that happens overnight or by someone with limited experience. 

But with a good ransomware-prevention checklist that’s completed, you can have peace of mind that your organization is less vulnerable to an attack.  

Need a Checklist?

Download our free checklist on how to prevent ransomware in healthcare. Or, let’s talk about your business and how we can help keep you safe against ransomware!