Are Your Patient Files Protected from Ransomware?
One of our favorite clients asked us for our thoughts on protecting their office from the crypto malware attacks that have been increasing recently against businesses, and she thought our other clients would be interested as well. I’ve put this together for the benefit of all of our clients, so special thanks to Marty.
In case you haven’t heard, what I’m talking about is a really nasty piece of work called Cryptolocker Ransomware.
As the name would imply, it’s designed to infect your computer, encrypt all of your important files, and then ask you to pay a ransom, usually around $300.00, to get a key to unlock your files. If you don’t pay the ransom within a few days, your key is deleted and you can never recover your files.
There is no way around it, and no way to recover your files. They are gone forever. The level of encryption used is completely unbreakable.
Just imagine all of your electronic health records, billing, SOAP notes, office forms, and everything in your My Documents folder GONE.
Are you scared? Don’t be. You can protect yourself with some not-so-common sense.
There are three things you can do to prevent this from happening to you. I personally do all three of them, and you should too.
- Use updated virus software (duh)
- Have an automated, off-computer backup system (this is the most important)
- Understand a little about email attachments
I personally use AVG Free antivirus software. I have been using it for so many years that I can’t remember when I started. It updates with new virus definitions every time I turn on the computer, as well as at least once every 24 hours (since I sometimes go weeks without turning off my office computer.)
Back up the RIGHT way:
This is the most important thing you can do when it comes to protecting your files. Your files are like anything else in life. If someone wants them badly enough, they can get them. You can buy a top-notch home security system, and put The Club on your car, but insurance is what buys peace of mind. And that is what an idiot-proof backup system is.
I personally use Mozy. I’ve heard good things about Carbonite as well.
Dropbox does not count. Neither does Google Drive. These are file syncing services, and syncing files to the cloud is not the same as having separately named backups. A file that infects the hard drive on your computer can just as easily infect your Dropbox and Drive folders.
Your EHR surely has a backup setting, but if it’s backing up to your hard drive, then that backup file would be just as likely to be infected as any other file. Not only that, but if the dentist next door gets high on nitrous and burns the place down, your hard drive is toast.
If you back up to an external hard drive, and leave the drive connected to your PC, then the external hard drive is just as vulnerable to the infection as your hard drive.
If you’re taking your hard drive home at night, you had better make sure it’s encrypted. The last thing you need is the extra expense and embarrassment of having to buy LifeLock for all of your patients because your drive was stolen out of your car while you were out to dinner.
A great way to do it is to set your EHR to back up your database to a backup folder on your hard drive at 7:00 pm after you’ve left, and then have Mozy run a backup of your backup folder at 7:30 pm, transferring that file to the cloud for safekeeping. This would happen every day automatically without the need to remember. Idiot-proof.
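The difference between syncing and separately named backups described above, as an added Python example (not code from this article, and not how Mozy or Carbonite work internally). The file name `ehr_backup.db`, the date stamps and the file contents are constructed, and the local temp folders stand in for the off-computer destination only so the demonstration can run anywhere.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def sync_copy(src, dest_dir):
    """What a sync folder does: one copy, same name, overwritten on every change."""
    dest = Path(dest_dir) / Path(src).name
    shutil.copy2(src, dest)
    return dest

def versioned_copy(src, dest_dir, stamp, keep=14):
    """Store a separately named copy per run and keep the newest `keep` versions."""
    src = Path(src)
    dest = Path(dest_dir) / f"{src.stem}-{stamp}{src.suffix}"
    shutil.copy2(src, dest)
    if sha256(dest) != sha256(src):           # verify the copy before trusting it
        raise OSError(f"backup verification failed for {dest}")
    versions = sorted(Path(dest_dir).glob(f"{src.stem}-*{src.suffix}"))
    for old in versions[:-keep]:              # ISO date stamps sort chronologically
        old.unlink()
    return dest

def demo(keep=14):
    """Constructed scenario: a healthy backup on day 1, an encrypted file on day 2."""
    root = Path(tempfile.mkdtemp())
    sync_dir, vault = root / "sync", root / "vault"
    sync_dir.mkdir()
    vault.mkdir()
    ehr = root / "ehr_backup.db"              # hypothetical EHR backup file name

    ehr.write_bytes(b"patient records")       # day 1: healthy file
    sync_copy(ehr, sync_dir)
    versioned_copy(ehr, vault, "2013-11-01", keep)

    ehr.write_bytes(b"\x8f\x02scrambled")     # day 2: contents replaced by ciphertext
    synced = sync_copy(ehr, sync_dir)
    versioned_copy(ehr, vault, "2013-11-02", keep)

    return {"synced": synced.read_bytes(),
            "vault": {p.name: p.read_bytes() for p in sorted(vault.iterdir())}}

if __name__ == "__main__":
    print(demo())
```

Running `demo(keep=1)` leaves only the day-2 copy in the vault, so the retention window has to be longer than the time it takes to notice an infection.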
If you’re wondering about HIPAA, I don’t think it’s an issue. You should be saving your EHR database as a password encrypted file. Sure, it’s now on a Mozy server somewhere, and theoretically someone at Mozy could access the file, but without the password the information contained in the file is not accessible to anyone. Not even Mozy.
Of course I can’t give a legal opinion about HIPAA, but the reality is that a password encrypted file on a Mozy server is protected by two passwords, one to access your Mozy account, and another to decrypt the file. This is considerably harder to access than paper files in a locked office which anyone could access with a pair of bolt cutters.
It would still be really inconvenient to have your files infected, but it would be a major inconvenience rather than a catastrophic failure. You could then download and run one of the Cryptolocker specific cleaning tools, delete the infected files, and then import your database back to your EHR software from the cloud and you’d be back up and running.
Worst case scenario is you would have to wipe your hard drive, reinstall Windows and your EHR software from discs, then import your EHR database to your software.
The third thing is to understand a little about email attachments, and files in general. In case you need a little refresher, the three letters after the period at the end of a file name are called “file extensions.” Their purpose is to tell the operating system, like Windows, which program to use to open a file.
If the file extension is .doc or .docx, Windows will try to open the file with Word. If it’s .html Windows will open it with your default browser (hopefully not Internet Explorer but that’s a whole other subject.)
By default, Windows does not show the file extensions. You can change this by following these instructions: http://tinyurl.com/mb95xva
The files that usually cause the problem are .exe files, which are executables. Executables are files that can run programs on your computer. If you see this in an email attachment do not open it. A problem here is that sometimes the .exe file will be hidden in a .zip file. A zip is a way to bundle a group of files together, but treat the folder as one file. So the bad guy sticks an .exe file inside a .zip file and when you click it, it runs the program.
One of the ways people with antivirus software still manage to get infected with malware is by downloading and installing the viruses themselves. Email attachments are the main way this happens. So don’t open unsolicited attachments.
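A check for the attachment trick described above, as an added Python example that is not part of the original article: it looks at an attachment's name and, if the attachment is a zip, at every file inside it, flagging executables and names like `report.pdf.exe` that show up as `report.pdf` when Windows hides extensions. The extension lists beyond .exe and the sample zip are assumptions constructed for the example.

```python
import io
import zipfile

# .exe is the extension the article names; the other entries are assumptions
# added for this example (file types Windows will also run when opened).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}

def classify_name(name):
    """Return the reasons a file name is suspicious (empty list if none)."""
    parts = name.lower().replace("\\", "/").rsplit("/", 1)[-1].split(".")
    reasons = []
    if len(parts) < 2:
        return reasons
    last = "." + parts[-1].strip()
    if last in EXECUTABLE_EXTS:
        reasons.append("executable")
        # With extensions hidden, "invoice.pdf.exe" is displayed as "invoice.pdf"
        if len(parts) >= 3 and "." + parts[-2] in DOCUMENT_EXTS:
            reasons.append("double-extension")
    return reasons

def scan_attachment(filename, data):
    """Check an attachment by name; if it is a zip, check every member too."""
    findings = {}
    reasons = classify_name(filename)
    if reasons:
        findings[filename] = reasons
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                reasons = classify_name(member)
                if reasons:
                    findings[filename + "!" + member] = reasons
    return findings

def build_sample_zip():
    """Constructed sample: a zip with a harmless text file and a fake '.pdf.exe'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("Invoice_2013.pdf.exe", b"not a real program")
    return buf.getvalue()

if __name__ == "__main__":
    for path, why in scan_attachment("Invoice.zip", build_sample_zip()).items():
        print(path, why)
```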
The Scare Tactic:
Another trick is to have a website send you a popup message saying your computer has been infected, and you need to download and install a program to clean it up. They try to make it look like it comes from your Antivirus software or from Windows itself. I hope you do not fall for this.
So don’t download and install files from alerts while you’re surfing. Close your browser and open your actual antivirus software to see if there is really an infection.
There are also programs like CryptoPrevent, which is a utility to artificially implant group policy objects into the Windows registry in order to block certain executables in certain locations from running. (There’s a mouthful.) There is a free version of this software, as well as a $15.00 premium version with automatic updates of the virus definitions. If I were going to use it (I am not) I would just go ahead and get the premium version so I wouldn’t have to mess with it again after I installed it.
So the takeaway:
- Make sure you are using Mozy or Carbonite to automatically back up your important files
- Don’t open unsolicited email attachments
- Use updated antivirus software
- Don’t install software from popups ever
- Drop the whopping 15 bucks to get CryptoPrevent if you think this attack might ruin your day and you can’t consistently do steps 1-4.
If you have any questions about any of this, feel free to leave a comment, and I’ll respond. You can also send an email to ChiroLoop.