By: Kali Durgampudi
Ransomware attacks are more prevalent than ever, but recovery is possible if you follow best practices. Here’s what needs to be done on Day One.
Ransomware is surging, and it’s taking a toll on the healthcare sector. In fact, ransomware attacks on businesses increased by 195% in the first three months of 2019. The price tag of these attacks is growing too. In the first quarter of 2019, the average ransomware demand was 93% higher than in 2018.
Healthcare is the hardest hit of all sectors. Healthcare breaches accounted for 37% of all ransomware incidents. It is therefore imperative that you know ahead of time what to do if your practice or facility determines an attack is underway.
Let’s consider what you should do on Day One of a ransomware attack.
Ransomware attack! What to do on Day One
Let’s say you work at a large medical practice. You begin to have trouble accessing an application or system that is a core component of your work. The server isn’t responding, so you contact the IT help desk. At the same time, the security team starts receiving alerts. These are all early signs that ransomware is holding your organization hostage.
Once a ransomware attack is confirmed, immediate action must be taken. Infected servers and endpoints should be shut down to contain the impact of the attack. At the same time, IT and security teams need to investigate. Maybe the attacker gained access to the system by exploiting holes left by missing patches. Perhaps it was a phishing attack. Or maybe the hackers found another way in.
After confirmation of the attack, your organization — most likely at the executive level — has a big decision to make. Do you pay the cybercriminals? Or do you ignore the ransom demands, and get back to business by following your disaster recovery protocol?