Protecting Your IT Environment from Malicious Viruses

A few weeks ago, we posted an article in What’s Next on the growing threat of “ransomware” and other forms of malware. This week, we want to update NextGen Healthcare clients on some specific threats and best practices to minimize the risk to your organization.

Ransomware attacks are generally part of a scam intended to trick users into providing personal information or extort a “ransom” payment in exchange for a key to unlock data.

Ransomware viruses originate from any number of established or “amateur” hackers. Known by various names (e.g., CryptoWall, CryptoLocker, Koler, PowerWare), these viruses target various types of devices, from Windows desktops to Android devices and more.

Needless to say, these attacks can be crippling for healthcare organizations, risking not only the security of patient health information, but even patient safety itself. At least three U.S. hospitals have been hit by recent ransomware attacks, including a California medical center whose entire enterprise hospital information system went down before they were able to contain the attack!

It is extremely important to understand how these attacks happen and how to take action, not only to minimize the chances of infection by these potentially serious computer viruses, but also to respond appropriately should your organization experience an attack.

How Does a Ransomware/Malware Infection Occur?

In most cases, malware attacks have begun with a user clicking on a suspicious link or attempting to open a suspicious email attachment. In some cases, viruses are disguised as ads or pornographic videos. More recently, an increasing number of incidents involve “drive-by” ransomware, which can infect a computer simply by a user going to a website, even perfectly legitimate websites that have become “contagious” through compromised advertisements appearing on the site.

From there, a typical scenario involves a message that appears claiming to be from the FBI or some other authority and stating that the user has violated a law, thereby causing data to be locked until the user pays a fine.

PowerWare ransomware is a newer variant of the crypto type of malware. This variant leverages the use of Word documents and PowerShell to infect systems. This can be mitigated by not enabling macros when prompted.
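The mitigation above depends on each user declining the macro prompt. The following PowerShell check is an added example, not code from NextGen Healthcare or Microsoft; it reads (and never changes) the current user's Word macro settings and goes one step beyond the article by reporting whether Group Policy enforces the choice. It assumes Office 2016 or later, which uses the "16.0" registry key.

```powershell
# Added example: read-only audit of Word macro settings for the current user.
# Assumption: Office 2016 or later, which stores settings under the "16.0" key.
$policyKey = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security'
$userKey   = 'HKCU:\Software\Microsoft\Office\16.0\Word\Security'

# Meaning of the VBAWarnings DWORD.
$vbaMeaning = @{
    1 = 'Enable all macros'
    2 = 'Disable with notification (user can still click Enable Content)'
    3 = 'Disable all except digitally signed macros'
    4 = 'Disable all without notification'
}

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns nothing when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-VbaSetting {
    param([string]$Path)
    $value = Get-RegValue -Path $Path -Name 'VBAWarnings'
    if ($null -eq $value) { return 'not set' }
    if ($vbaMeaning.ContainsKey([int]$value)) { return $vbaMeaning[[int]$value] }
    return "unrecognised value $value"
}

$policyVba     = Get-RegValue -Path $policyKey -Name 'VBAWarnings'
$blockInternet = Get-RegValue -Path $policyKey -Name 'blockcontentexecutionfrominternet'

# Enforced means policy removes the prompt for unsigned macros (3 or 4),
# or blocks macros in files that came from the Internet.
$enforced = ($policyVba -in 3, 4) -or ($blockInternet -eq 1)

[pscustomobject]@{
    PolicyVBAWarnings   = Get-VbaSetting -Path $policyKey
    UserVBAWarnings     = Get-VbaSetting -Path $userKey
    BlockInternetMacros = ($blockInternet -eq 1)
    MacroChoiceEnforced = $enforced
} | Format-List

if (-not $enforced) {
    Write-Warning 'Macro execution still depends on the user declining the prompt.'
}
```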

Whatever the cause or source, if a suspicious message appears prompting you to make a payment or provide information, do not click it! Instead, stop using the computer and contact your IT department or a qualified outsourced IT service.

Is my data within NextGen Healthcare protected?

NextGen Healthcare protects our hosted customers using best-of-breed anti-virus solutions and by conducting routine, systematic back-ups in the event of a catastrophic infection. However, the NextGen® application is not the typical point that a virus is introduced into your environment. As explained above, attacks most likely occur when a user inadvertently accesses an infected website or clicks on an infected email attachment.

If machines on the same network as your NextGen Healthcare data have been compromised, this data is not safe. If a user stores or backs up NextGen Healthcare data from a device that has been infected, the data can be compromised. Similarly, infected documents or images attached to the patient record in NextGen® Ambulatory EHR could pose a risk to the stability of your NextGen Healthcare environment.

What should my organization be doing to protect against malware/ransomware?

Adequate firewall protection for your entire network is of course essential, along with up-to-date anti-virus protection for all servers, PCs, laptops and other devices on your network. Using strong passwords and pop-up blockers is strongly recommended. It is impossible to overstate the importance of employee training, which is essential to minimizing this and other vulnerabilities. Finally, data back-up is essential to avoid loss of files in the event of a successful attack.

If you are a hosted client, save your data to the N: drive. This location is part of the regular backup schedule. If you save files to destinations within a Windows profile (Desktop, My Documents, etc.) there is no guarantee this information will be included in the backup.

(Please note: Any data stored in the hosted environment counts toward the total storage allocation. Going over the storage allocation may incur additional charges.)
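To find files that fall outside the backup described above, the following PowerShell report is an added example and not a NextGen Healthcare tool. It lists recently changed files under the user's Desktop and My Documents folders when those folders are not on N:, and it assumes N:\ is the backed-up drive and uses an arbitrary 30-day window.

```powershell
# Added example: report recently changed files saved in the Windows profile
# instead of the backed-up N: drive. Read-only; nothing is moved or deleted.
# Assumptions: N:\ is the backed-up location named above; 30 days is arbitrary.
$backedUpRoot = 'N:\'
$since        = (Get-Date).AddDays(-30)

# Resolve the real Desktop and My Documents paths for the signed-in user.
$folders = 'Desktop', 'MyDocuments' |
    ForEach-Object { [Environment]::GetFolderPath($_) }

$atRisk = foreach ($folder in $folders) {
    if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
    # Folder redirection may already place these folders on N:, so skip them.
    if ($folder.StartsWith($backedUpRoot, [StringComparison]::OrdinalIgnoreCase)) { continue }

    Get-ChildItem -LiteralPath $folder -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $since } |
        Select-Object FullName, Length, LastWriteTime
}

if ($atRisk) {
    Write-Warning "$(@($atRisk).Count) recent file(s) are outside $backedUpRoot and may not be backed up."
    $atRisk | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
} else {
    Write-Output "No recent files found outside $backedUpRoot"
}
```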

The FBI routinely investigates malware/ransomware complaints and has come up with a list of precautions you should be taking, including anti-virus/malware protection, recurring backups of critical data, employee training, use of pop-up blockers, and more. Read this article on the FBI blog.

Because infections generally result from user behaviors, security behavior management solutions are becoming increasingly popular. These solutions simulate a real “spear phishing” attack in order to detect and address human vulnerabilities through increased training and improved policies and procedures. Clients may wish to explore behavior management solutions as part of their overall security strategy.

What should a NextGen Healthcare client do if infected?

The first step is to contact your IT staff to report the virus. Your IT staff should know how to combat the virus or engage your vendor to help guide the process. The infected user or users should refrain from using their computers, and the entire organization should be alerted to the potential threat and provided with steps to avoid spreading the virus, such as suspending file transfers and email attachments.

One common method of recovering from an attack is to restore the last good data backup. Ensure that any critical data is currently part of your routine backup plan.

NextGen Healthcare support has not been trained or authorized to combat viruses within your local network. However, you should notify us in the event of a malware or ransomware attack, especially one that is not immediately resolved.

Watch for future articles on data security and announcements about educational webinars on this critical topic from NextGen Healthcare.
