Resisting the Latest Wave of Ransomware in Healthcare
By Gil Vidals, , HIPAA Blog, Resources

What you Must Do Now

It’s become the classic “Catch-22” of ransomware: you’re hit with a surprise attack – a rogue wave of ransomware – and find yourself unable to access your patient data or vital systems – “dead in the water.”  

You know the consequences of not paying the ransom (though law enforcement urges you not to) are dire: a loss of critical services to patients, and a potential loss of business reputation and future viability. So you pay up, and the criminals continue on their not-so-merry way.

If it hasn’t happened to you, be thankful – but prepare for the worst anyway. Ransomware attacks now happen on average every 11 seconds

The University of Vermont Health Network felt the pain – to the tune of $1.5 million per day in lost revenue and expenses – when its electronic health record (EHR) system was forced offline for an entire month this past October. A ransomware attack led to outages in six of its hospitals, and the staff had to record everything – from patient information to medications and lab orders – by hand. 

That’s one version of how things might go, and it’s bad enough. But as this latest wave of ransomware attacks now demonstrate – as one security expert notes – the hackers are now seeking an even bigger prize. Once access to your network is obtained by stealing your credentials, attackers may go after:

  • Stealing your intellectual property (copying before encrypting)
  • Using stolen data to spear phish your partners and customers
  • Threatening your employees and customers
  • Public shaming, including publishing your data for the world to see

In other words, holding your data for ransom may now be small potatoes for some. Another security expert described it in these terms:

Cybercriminals are motivated by time-to-value as much as modern businesses may be, and it turns out that holding systems and data for ransom can be more profitable with less effort. It doesn’t even always require a great detail of sophistication on behalf of the adversary to execute a highly profitable attack.

So What Should You Do?

It’s a drum we’ve been beating, but it bears repeating: assuming you’ve recognized the need for HIPAA compliant hosting of your data, a robust line of defense against ransomware and other cyberattacks must include the following:

1. A Well-Trained, Cyber-Smart Staff –

We list this as a top priority, based on how most ransomware attacks (67%) are happening: email phishing. As such, everyone on your staff is a potential target. If the attackers can steal credentials and penetrate your network because one of your staff clicked on a link – maybe an enticing ad that looked legitimate – they are home free.

 In addition, raising the level of cyber-awareness on issues such as workstation security, strong passwords, and the use of multi-factor authentication are essential, to help eliminate a potential weak link in your system. Here’s an excellent, low-cost training program you can use to equip all levels of your staff.

2. Regular Backups of your Data –

Regular backups – or replicating your data to a geographically distinct location – is a requirement of HIPAA to maintain high availability of data. If ransomware does happen to infect your system, or fire or flood happens to take out your data center, you should be able to restore your system with a backup of your data. This is necessary as well because backups that are local can also be targeted in a ransomware attack. 

While helpful, many backups of systems are performed too infrequently to capture an accurate picture of the latest data. For this reason, HIPAA Vault also utilizes system-based snapshots to capture the most recent configuration and disk data that flows through your servers.

3. Layers of Managed Security –

The benefits of a managed security service provider with HIPAA expertise are numerous. Above all, they’re trained data security experts in the fight against ransomware, able to handle the following tasks for you so you can concentrate on your business. These tasks include:       

  • A regular schedule of patching your entire system, and applying the latest security updates – This is indispensable, as hackers routinely look for security flaws present in unpatched systems. Everything in your infrastructure – from Windows updates to WordPress installations and even Virtual Private Networks (VPNs) – should be configured to apply updates continually. The now-bankrupt Travelex was infiltrated because their VPN software lacked the latest security patches.
  • Disabling default accounts and credentials, and using strong passwords with multi-factor authentication (MFA) – Default passwords provided by a manufacturer are easily guessed by hackers; it’s essential that these are changed. Yet strong passwords alone – as important as they are – can still become a single-point-of-failure. This is why multi-factor authentication is a must; even if your password does happen to fall into the wrong hands, a secondary means of authentication will be required. 
  • Scanning for vulnerabilities with an advanced IDS (Intrusion Detection System) – You need to know when an attack on your network is happening; an intrusion detection and prevention system is therefore critical for monitoring traffic for any suspicious activity.  
  • Maintaining anti-virus, firewalls, and more – We’ve discussed previously how a multi-server environment that includes a web application firewall and advanced security policies is key for proactive detection and blocking. You can check that out here.   

For a more detailed look at what a HIPAA compliant hosting company can provide, see our article.   

HIPAA Vault is here to help in the face of these increasing ransomware attacks directed at healthcare. Talk to us today! 760-290-3460 or visit

HIPAA Vault is the leading provider of HIPAA compliant solutions, enabling healthcare providers, business organizations, and government agencies to secure their protected health information from data breaches, threats, and security vulnerabilities. Customers trust HIPAA Vault to mitigate risk, actively monitor and protect their infrastructure, and ensure that systems stay online at all times. In addition to providing secure infrastructure and compliance for health companies, HIPAA Vault provides a full array of HIPAA compliant cloud solutions, including secure email, HIPAA compliant WordPress, secure file sharing, and more.

Avatar photo

Gil Vidals is the president and CTO of HIPAA Vault. He is a passionate, subject matter expert on HIPAA compliance and the healthcare cloud, and co-host of the HIPAA Vault podcast. Since 1997, Gil’s mission has been to provide uncompromising and affordable HIPAA compliant hosting solutions to commercial and government clients, helping protect their sensitive health information from data breaches and security vulnerabilities. HIPAA Vault has been recognized as an Inc. 5000 company and a Clutch Top B2B company. He can be reached here on Linkedin.