Health Information Compliance Alert

Published on Fri Feb 19, 2016 PDF

Question: We’ve been hearing a lot about “ransomware” lately. Is this similar to malware? How can we identify ransomware and prevent it from infecting our systems?

Answer: “Ransomware” is malicious software that effectively walls off data so that it’s inaccessible to authorized users, according to a Feb. 2 Cyber-Awareness alert from the HHS Office for Civil Rights (OCR). Cybercriminals have recently increased their use of ransomware, attacking a wide variety of targets including businesses, institutions, and individuals.

“Ransomware frequently infects devices and systems through spam and phishing messages, botnets, exploit kits, compromised websites, and malvertising,” OCR explained. “Ransomware uses a social engineering trick to get potential victims to click on malicious email attachments or open Short Message Service (SMS or text) messages, which lure them to compromised or malicious websites.”

To protect against the threat of ransomware, OCR advised that covered entities and business associates should consider:

• Backing up data onto segmented networks or external devices and making sure backups are current;
• Ensuring software patches and anti-virus are current and updated;
• Installing pop-up blockers and ad-blocking software; and
• Implementing browser filters and smart email practices.