Recently, news broke of a ransomware attack crippling a hospital system in New Jersey; the attack was so bad that the facility had to divert patients to other facilities. Now, a hospital system in Tennessee is dealing with a ransomware attack that has taken 30 hospitals offline, again forcing patients to be diverted. This comes as 60+ credit unions throughout the US are also dealing with a ransomware attack, which caused outages relating to financial transactions. With ransomware appearing so often in the news, you would think that attacks like this are on the rise, and are becoming more common; and you’d be right. Ransomware attacks are up about 73% in 2023 from 2022 with an estimated 898.6 million dollars paid to attackers which represents a 50% increase from 2022. What’s happening, and what can be done to combat this surge in crime?

A ransomware attack is when a virus infects a local computer network and disables access to that network and the devices that are connected to it. When users attempt to access computers on that network, they are greeted by an unpleasant screen demanding anonymous payment to the attackers. If the attackers aren’t paid, the virus then permanently disables access to the devices on the network, and erases all of the data. Often, the erasure is so proficient, that the data cannot be recovered. Ransomware attacks can happen from a number of sources: users could accidentally open malicious emails, which download the viruses to their local network; attackers could gain access to a local network by breaching security protocols like a firewall; or an attacker could place the virus on the network themselves if a target offers public/guest WiFi.

Preventing ransomware attacks starts with strong network security. Trusting systems are vulnerable systems and everything must be encrypted and protected by role-based user access control. Viruses can’t do much if the user that downloaded them lacks permissions and access. Strong network firewalls and intrusion detection software also go a long way to preventing and detecting attacks. Training for all network users is also critical so everyone knows what a suspicious email looks like, and policies need to be put in place so no one can just download random attachments from emails. At Case Medical, we are ISO 27001 certified, which means we follow all of the above and more (learn more by reading our previous blog post here)

Recovering from a ransomware attack is messy, time consuming, and expensive. This is especially true if a facility doesn’t have strong IT policy, redundant systems, regular backups, or intrusion detection software. Every single computer, server, and piece of networking equipment must be quarantined and formatted, with their software being reinstalled as if it is day-one, out of the box. Data must then be restored from back-ups and IT professionals must ensure that repaired equipment is not reinfected. If a facility is unable to do this, and many cannot, they might be forced to pay the attackers so they don’t lose everything. Indeed, many facilities choose this path, which might initially represent the path of least resistance, but ultimately leads to more ransomware attacks because hackers know they will get paid. This also doesn’t take into consideration that no matter if a facility pays or not, their data is almost always stolen and sold on the dark web. This data includes everything from sensitive HIPAA data, to financial information including back account / payment info.

CaseTrak360 is cloud based on AWS, which means it does not live on a local network that could become infected by ransomware. In fact, attackers won’t even be able to see it. CaseTrak360 is also fully encrypted, and does not store any HIPAA data, making it extremely robust and low risk to use. CaseTrak360 is also ISO 27001 certified. This means that all development is secure, all servers are safe/resilient, and all data is protected. This translates into CaseTrak360 being an incredibly tough and reliable program that is virtually immune to cyber security risks. CaseTrak360 will not be taken out by ransomware, and there is no feasible way that a hacker could extract data from it. Users of CaseTrak360 can be confident that when they need to use the software, it will work, regardless of the conditions of their own local network. Given that CaseTrak360 is a medical application, this reliability is extremely important; especially given the increased cyber-attacks on medical facilities. Furthermore, CaseTrak360 is audited annually by a third-party auditor, to ensure that it is maintaining the rigorous requirements of the ISO 27001 standard.