By Robert McDermott, President & CEO / iCoreConnect

This is the second article in a three-part series on cybercrime. Phishing and malware, including ransomware, are of particular concern to your practice, because healthcare is the top target of cybercriminals.

“Ransomware reigns supreme in 2018, as phishing attacks continue to trick employees…A criminal only needs one victim to click on their malicious link or download to gain access to an organization.
—TechRepublic3

How do you know if you’ve been attacked by ransomware?

The US Dept. of Health and Human Services (HHS) list of indicators include:4

  • A user realizes that a link that was clicked on, a file attachment opened, or a website visited may have been malicious in nature
  • An increase in activity in the central processing unit (CPU) of a computer and disk activity for no apparent reason (due to the ransomware searching for, encrypting and removing data files)
  • An inability to access certain files as the ransomware encrypts, deletes and re-names and/or re- locates data; and…
  • Detection of suspicious network communications between the ransomware and the attackers’ command and control server(s) (this would most likely be detected by IT personnel via an intrusion detection or similar solution).

A ransomware attack can take down your practice.

Once a phishing attempt is successful (remember, it takes just one person in your organization clicking on a link), the malware goes into your system and begins its nefarious work. Sometimes it sits dormant for a while. But sooner or later, it begins collecting information. Sometimes, it begins destroying your backup files.

Usually, one of two things happens.

  1. The malware sends your data to the cybercriminal. This includes Protected Health Information (PHI). It may also include additional data that will help the criminals take further control of your system. This could go on perpetually.
  2. The malware will lock you out of your system and post a ransom message.
    This is why the type of malicious software involved is called “ransomware.” It often denies access to any computer and patient records at a practice.
    In a ransomware attack, you’d likely be told to pay the ransom in bitcoin, so the funds are not trackable. Bitcoin is an electronic payment system that doesn’t go through a bank or other payment gateway.

We’ve seen ransoms range from hundreds to hundreds of thousands. We’re also seeing escalating ransoms. If you pay $10,000, the cybercriminals may up the ransom by another $20,000. Of course, this doesn’t account for the HIPAA violations you’ll have to deal with.

No matter how you slice it, you don’t want to encounter malware in your practice.

HIPAA-compliant email exchange system iCoreExchange is unable to be phished, is encrypted at the highest levels, and stores its data remotely. It’s available standalone, or as part of iCoreDental, an ONC-certified practice management EHR software.


³https://www.techrepublic.com/article/ransomware-reigns-supreme-in-2018-as-phishing-attacks-continue-to-trick-employees/
4https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf