Malware Threats in Healthcare
Welcome to the second in our web series, Malware threats in healthcare. Continuing with our talks about security we are going to spend some time on threats. Today we will be dealing with a very common and very dangerous threat, Malware. Hopefully you come away with some information that can help your practice combat this threat.
Malware/Viruses
Malware and viruses are lumped together as programs that attempt to do some harm. Malware is conjunction of malicious software, meaning software that can be used to compromise computer functions, steal data, bypass access controls, or otherwise cause harm to the host computer. Malware is a broad term that refers to a variety of malicious programs. There are several common types of malware including;
Ransomware
Ransomware is the newest kind of threat that causes a tremendous amount of damage. It can affect anyone and everyone. You might know someone who has dealt with this. Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Some ransomware, like Cryptolocker, encrypts files. And even if you pay it is no guarantee that you will get the key to unlock it. Jigsaw is another, just like Cryptolocker, the difference is that it actually deletes your files if you wait too long to pay.
Spyware
Chances are you have heard of this one. Spyware is any software that obtains information from a PC without the user’s consent, as a drive-by download, or as the result of clicking some option in a deceptive pop-up window. This often includes collecting confidential data such as passwords, PINs and credit card numbers, monitoring keyword strokes, tracking browsing habits and harvesting email addresses, and often times healthcare data. Software designed to serve advertising,
known as adware, can usually be thought of as spyware as well because it almost invariably includes components for tracking and reporting user information. However, marketing firms object to having their products called “spyware.” They are now referred to as PUP’s or potentially unwanted programs. Tracking cookies are files on hard drives that track a user on the Internet.
Rootkits?
It’s a type of malicious software designed to remotely access or control a computer without being detected by users or security programs. Once a rootkit has been installed it is possible for the malicious party behind the rootkit to remotely execute files, modify system configurations, alter software (especially any security software that could detect the rootkit), install concealed malware, access/steal information, or control the computer as part of a botnet. Rootkit prevention, detection, and removal can be difficult due to their stealthy operation. Because a rootkit continually hides its presence, typical security products are not effective in detecting and removing rootkits. As a result, rootkit detection relies on manual methods such as monitoring computer behavior for irregular activity, signature scanning, and storage dump analysis.
Virus
A virus is a form of malware that is capable of copying itself and spreading to other computers and networks. Viruses often spread to other computers by attaching themselves to various programs and executing code when users run any of those infected programs.
So, how do you get around this? How do you combat it?
Get a strong anti malware/Anti virus solution.
I cannot stress this enough. There are many free products out there that do a great job. But they might not offer the peace of mind you have in a paid and guaranteed product.
Have a strong perimeter network including a next generation firewall with intrusion prevention
Browse wisely – Credited websites like the major commerce and search engine sites and reputable businesses are less likely to cause any security issues. Entertainment websites have a higher likelihood to contain adware or malware that can download through website cookies or even get downloaded by you clicking links an unaware of the danger within. The best advice is to keep surfing to a minimum at work or not at all. A good rule of thumb is…If it isn’t a business related site, don’t visit it.
Avoid PUP’s. These are the add on programs that come with other installs. Things like tool bars, coupon printers, etc. They slow down your machine and promote pop ups that will bring your practice to a crawl. I have personally seen this in action in a place of business, and I bet there are many people who can say they had a computer fall victim to something like this at least once in the past.
The security threats we talked about today are absolutely real and we need action taken against them to be sure we don’t fall victim to them. Doing nothing changes the question from if, to when your practice has a security breach. And based on some of the types of attacks we reviewed, It could already have happened if you haven’t been looking for it.
Are you interested in a free consultation? Or do you know a practice that needs help?
Please contact us and we would be happy to meet with you and discuss your security needs.