Hackers are becoming increasingly sophisticated, using “ransomware” and other forms of malware as part of scams intended to trick users into providing personal information or even to extort a payment from a user. When these attacks target healthcare organizations, the effects can be crippling.
A well-known California medical center recently experienced a ransomware attack that brought down their enterprise hospital information system by using encryption to lock files and demanding ransom to obtain a decryption key.
It is extremely important to minimize the chances of infection by this potentially serious computer virus and how to respond if your organization is infected.
How Does a Ransomware/Malware Infection Occur?
Most often, malware attacks have begun with a user clicking on or attempting to open a suspicious email attachment. But more recently, an increasing number of incidents involve “drive-by” ransomware, which can infect a computer simply by a user going to a website. These can be perfectly legitimate websites that have become “contagious” through compromised advertisements appearing on the site. Whatever the cause, if a suspicious message appears prompting you to make a payment or provide information, do not click.
Is my data within NextGen Healthcare protected?
NextGen Healthcare protects our hosted customers, using best-of-breed anti-virus solutions and by conducting routine, systematic back-ups in the event of a catastrophic infection. However, the NextGen® application is not the typical gateway where a virus is introduced into your environment. As explained above, attacks most likely occur when a user inadvertently accesses an infected website or clicks on an infected email attachment.
If machines sharing the same network as your NextGen Healthcare data have been compromised, this data is no longer safe. If a user stores or backs up NextGen Healthcare data from a device that has been infected, the data can be compromised. Similarly, infected documents or images that are attached to the patient record in NextGen® Ambulatory EHR could pose a risk to the stability of your NextGen Healthcare environment.
What should my organization be doing to protect against malware/ransomware?
Adequate firewall protection for your entire network is of course essential, along with up-to-date anti-virus protection for all servers, PCs, laptops and other devices on your network. Using strong passwords and pop-up blockers is strongly recommended. It is impossible to overstate the importance of employee training which is essential to minimizing this and other vulnerabilities. Finally, data back-up is essential to avoid loss of files in the event of a successful attack.
The FBI routinely investigates malware/ransomware complaints and has compiled a list of precautions you should be taking, ranging from anti-virus/malware, recurring backups of critical data, employee training, use of pop-up blockers, and more. Read this article on the FBI blog.
What should a NextGen Healthcare client do if infected?
The first step is to contact your IT staff to report the virus. Your IT staff should know how to combat the virus or engage your vendor to help guide the process. The infected user or users refrain from using their computers and the entire organization alerted to the potential threat and provided steps to avoid spreading the virus, such as suspending file transfers and email attachments.
NextGen Healthcare support has not been trained or authorized to combat viruses within your your specific local network. However, you should notify us in the event of a malware or ransomware attack, especially one that is not immediately resolved.