Dialogue Volume 13 Issue 3 2017 - Page 46

PRACTICE PARTNER Physicians Urged to be on Alert for Ransomware Threat I n the wake of a spate of ransomware attacks on physicians’ computer systems, doctors are being urged to take steps to both protect their com- puter systems from malware and mitigate the damage from a possible malware incident. In July, the Canadian Medical Protective Association (CMPA) published an article on its website reporting that it had been contacted recently by a number of physicians who have had their practices disrupted by ransomware demands. Ransomware is initiated when someone unknow- ingly opens an email attachment containing a ran- somware virus. It denies the user access to their data by encrypting the data with a key known only to the hacker who has deployed the malware. After the user’s data is encrypted, the ransomware directs the user to pay a ransom (usually in Bitcoin) in order to receive a decryption key and regain access to their files. Ransomware presents serious issues for doctors and their patients. First, patient care may be delayed if their doctor cannot access their electronic medical records. Second, because ransomware may allow hackers to access personal health information contained in the electronic files, a ransomware incident should be treated as a privacy breach. Notification of a privacy breach to the affected individuals or the privacy commissioner, or both, may be necessary. The CMPA urges affected physicians to contact it for further guidance. The CMPA’s article urges physicians to learn to 46 DIALOGUE ISSUE 3, 2017 recognize and avoid phishing scams and to not open unsolicited email attachments – and to encourage staff to be similarly aware. Physicians are also urged to seek expert advice about implementing a layered approach to securing their computer system. Law enforcement agencies and cybersecurity experts urge victims of ransomware not to pay the ransoms, because it encourages hackers to engage in further activity. The CMPA says it believes that the decision to pay the ransom depends on each situation. “[The deci- sion] rests on your assessment of the risks and whether you have good backups and can recover quickly. The ransom can be considerable, and payment provides no guarantee that the information will actually be recov- ered. When patient care is at risk and restoring access to medical records quickly is important, paying the ransom is one option,” stated the article. Other options, stated the article, include online tools such as nomoreransom.org, a site backed by a group of recognized cybersecurity companies, who of- fer to unlock encrypted files at no charge. The capa- bility of the service, however, is limited to only some types of ransomware. If you experience a ransomware incident, promptly contact your IT specialist and review your options, states the CMPA. Physicians may also report the inci- dent to the Canadian Anti-Fraud Centre, and contact the CMPA for further guidance. MD CMPA says a number of physicians’ medical files have been held hostage