ASC Focus Nov Dec 2016 Digital Issue

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

FEATURE

Understanding the Dangers Ransomware has the potential to sig- nificantly harm an ASC, depending upon an ASC’s preparation for such an attack. “If there is no way for an ASC to recover the encrypted data, you have two choices,” says Steve Campbell, chief operating officer of Oppor Infra- structure. “You can either pay the ran- som or be willing to lose the data.” The Federal Bureau of Investigation (FBI) advises against paying a ransom, noting that doing so does not guarantee data release, emboldens cybercriminals to perform more attacks and potentially supports other illegal activities (www. fbi.gov/news/stories/incidents-of- ransomware-on-the-rise). Many organizations still choose to

Protect Your ASC from a Ransomware Attack

Prevention and backups are the best defense BY ROBERT KURTZ

S

teven Sanchez, network adminis- trator and facilities manager for

Pend Oreille Surgery Center in Pon- deray, Idaho, says ransomware is an issue of growing concern for his ASC. He points to the increasing number of organizations affected by this cyberse- curity threat. A US government interagency guidance document (www.justice.gov/ criminal-ccips/file/872771/download) notes that there is an average of 4,000 daily ransomware attacks in 2016, which is a 300 percent increase over the approximately 1,000 daily attacks seen in 2015.

A type of malware or malicious

software, ransomware is designed to encrypt data with a security key known only to the cybercriminal. “Once the ransomware is executed on a user’s local system, it will attempt to encrypt all files, which includes documents and photos,” says Tommie Giles, secu- rity analyst for Oppor Infrastructure,

an information technology (IT) design and support agency based in Overland Park, Kansas. “After the encryption is finished, users will likely find a text file on their system that provides an elec- tronic ‘address’ to send money, usually bitcoins, in order to receive a password to decrypt the files.” While hackers are not likely target-

ing ASCs specifically, they are attrac- tive victims, says Chris Johnson, co- founder and chief executive officer of Untangled Solutions, a provider of health care IT services based in Los Angeles, California. “Hackers are not looking for ASCs;

they could stumble upon a data trove that happens to be in an ASC,” he says. “Once ransomware is in place, the software collects data and informa- tion, reporting this back to the hackers. If the hackers understand that the data have value, they will encrypt every- thing and demand the ransom.”

14 ASC FOCUS NOVEMBER/DECEMBER 2016

pay the ransom and are often success- ful in getting their data released, Giles says. “It is good customer service for cybercriminals to release the data. If organizations know that paying the ransom will likely succeed, cybercrim- inals are more likely to get paid. A risk you take if you pay the ransom is being put on a list of good ransom customers for the future.”

The loss of data and/or inability to access data while it is encrypted are sub- stantial concerns, Sanchez says. “ASCs need to determine how long it would take to recover from such a situation. Would it set you behind for a week? For some ASCs, that could potentially cost hundreds of thousands of dollars.” In certain situations, the presence of ransomware might even be consid- ered a breach under Health Insurance Portability and Accountability Act rules, according to a report from the US Department of Health & Human Services (www.hhs.gov/sites/default/ files/RansomwareFactSheet.pdf). “If the data are compromised, you are looking at penalties, fines, legal expenses, notification of patients and more,” Johnson says. “A significant breach can be the catalyst for a small business to close.”

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34