Ransomware: Coming to a Computer Near You
Using our office computer, I logged onto the website of our town’s surgical group. I got what I thought was a weird dialog about running cookies and I clicked out of it. Suddenly the browser started acting odd and then normalized. In a few minutes, the problem became clear. Malware was on my machine.
This one was evil.
My peripherals stopped working and then came the inevitable dialog. My files were corrupted and if I just clicked the “clean” button, all would be well…. After I paid some money.
But, I was ready. Ransomware has been my perpetual computer fear.In earlier versions of Windows, Malware was more common. Even after being warned, my staff tended to click on sites which added junkware onto the system. I grew weary of doing reinstalls.
The process taught me several things:
- Store all your files in the secured cloud. No local personal files means there is nothing to corrupt or become compromised.
- Run your EMR in the secured cloud. (We use Elation Health.)
- Run only the most basic of programs on your PC.
- Back-up, back-up, back-up. Use two cloud providers and maybe even throw your cloud files onto an external drive.
I also received advice many years ago about office servers: DON’T USE ONE!!!
The bottom line:
Be prepared to literally throw your laptop/PC into the garbage if it displeases you.
In this case, I did the electronic equivalent. I used Microsoft’s Windows 10 “Reset this PC” recovery option. It wipes out your harddrive and gives you a fresh version of Windows. It was a bit tricky because the malware tried to block me. Dell has an option where you can do this via the BIOS.
Once you do the refresh, you install your printers and the handful of programs necessary to run your computer. Again, keep it minimal.In 90 minutes, I was back up and running again with a fresh OS and all the necessary drivers.
BOOM! TAKE THAT YOU EVIL RANSOMWARE THIEVES!!! Yet, I’m still angry. With simple basic web browsing to reputable sites, a PC running a fully updated and patched Windows 10 with a fully updated Chrome Browser quickly acquired a deadly program.
Hello? Security? Really?
We are so doomed!
An interesting article describes the future of RansomWare: It’s booming because people are paying!
Not me!
As a patient and retired IT professional, with an interest in security, it has never ceased to amaze me at how nonchalantly the medical industry treats its computerized medical records. Indeed, there are plenty of malware instances, including ransomware. Those can not only keep one out of their own files, but can corrupt them as well as making private information public – contrary to HIPPA. They could due with having and USING anti-malware software, as well as some common security measures.
One of those is to not leave yourself logged on AND with patient information from the prior patient up on the screen, then leave the next patient in the room. This leaves open a great deal of information to the next patient, which they have no business having. Furthermore, by not closing the prior patient’s information, it is easy to start writing notes from THIS patient into the previous patient’s records, muddling up the whole thing. It can cause headaches for the patient, as well as cause future providers to have wrong information about the patient. It causes distrust for those records all around.
If the patient with access to the records wants to, they can alter their own or others’ records, or even change the password or possibly put in a back door to allow access to those records to those who should not have them.
Another time I became the beneficiary of some medical waste. I bought a several-years-out-of-date computer – identical to one I owned that had problems with some of its plugs. I bought it as “non working and no guarantees” from a medical device seller. When I got it, it appeared new, but the disk drive did not work properly. THIS SHOULD HAVE BEEN IMMEDIATELY RETURNED TO THE DISTRIBUTOR OR MANUFACTURER OF THE COMPUTER FOR REPLACEMENT. Instead, it had been put on a shelf, and allowed to depreciate. So, no doubt, this was replaced with a new one, expensed, and the cost passed on to customers (patients).
Come on, guys! If you cannot or do not wish to manage the IT, hire an IT security professional who can! Meanwhile, pay attention when they tell you about security. You wouldn’t leave all patients’ medical records open to inspection and alteration if they were still paper. Why do that in electronic form?