Healthcare Ransomware: Pharmacists Need a Backup Plan

QPath Blog Logo
Ransomware: Pharmacists Need a Backup Plan

What do Dickinson County Healthcare System, Hendrick Health System, Sonoma Valley Hospital, Sky Lakes Medical Center, University of Vermont Health Network, Reconstructive Orthopedic Center of Houston, and Delta Dental Plans Association have in common? Hint: It’s not a list you want to find your pharmacy on.

These healthcare organizations, like many other business and public sector entities, are recent victims of ransomware. Reports indicate that 62 healthcare providers have already been hit with ransomware in 2020, with more than a dozen attacked in just the last two months.

Federal Alert to Healthcare
Late last month, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) released a ransomware alert saying they had credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. Just this week, the HHS Office of the Assistant Secretary for Preparedness and Response (ASPR) provided an update to the joint federal alert after seeing proof of stolen healthcare data posted on the dark web.

According to the ASPR update, CISA, HHS, and the FBI consider the ongoing ransomware threat to be credible and persistent. Particularly concerning is the fact that some recent healthcare sector victims experienced less than a few hours in between infection and ransomware activation. Some victims say the attacks were so new and unique that anti-virus tools would not have been effective. These ransomware attacks have limited victims’ network functionality weeks later, required the purchase of thousands of new computers, and even prompted a request to one state’s National Guard to assist in system recovery. Financial and reputational costs to the healthcare organizations, not to mention the potential health and privacy threats to their patients, are huge.

Ransomware Details
With names like TrickBot, BazarLoader and BazarBackdoor, Ryuk, Conti, Sekhmet, Egregor, Mount Locker, NetWalker, and DoppelPaymer, malware and ransomware programs and attacker groups “kidnap” your computer in some way until a ransom is paid. They can encrypt your files, threaten to erase them, or block system access.

Malware and ransomware typically come from phishing emails containing a link to documents from Google Drive™, Excel, PDF, etc. Emails can look legitimate – customer complaints, account alerts, or other to-dos that require you to open the document. Once the document is open and the malware loaded, it attempts to delete all backup files and snapshots to prevent you from recovering the system without a decryption program (which the attacker has). Then you’re told how much to pay to decrypt your files.

How to Protect Your Pharmacy from Ransomware
Experts commonly recommend several best practices to harden your computer system against such an attack. While some are a bit more technical than we’ll address here, common recommendations include:  

  • Install patches to operating systems, software, and firmware as soon as manufacturers release these updates.   
  • Regularly change passwords, avoid reusing passwords for different accounts, and use multi-factor authentication where possible.
  • Disable unused remote-access ports and scan for open or listening ports.
  • Set antivirus and anti-malware solutions to automatically update; conduct regular scans.
  • Maintain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.

CISA, FBI, and HHS do not recommend paying ransoms, saying “Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and fund illicit activities.”

Be Aware and Alert to Ransomware Attempts
It’s crucial that the entire pharmacy staff be aware of these threats and how they may be delivered. One of the most common ways that bad guys sneak malware onto your computer is through macro-enabled Excel files. A macro (short for macroinstruction) is a set of commands that automate a process in Excel. Typically, malicious Excel files are attached to a phishing email. If someone opens the attachment and enables the macros, the file will automatically install the cybercriminal’s malware.

To resist email phishing attempts:

  • Never download an attachment from an email that you weren’t expecting.
  • Look carefully attackers often use familiar logos from real businesses to appear more legitimate.
  • Before opening a file, contact the sender another way like phone or text to verify who created the file and what’s in it.

Backup Protection for Pharmacy Software
Because maintaining remote backups is a prime recommendation to defend against ransomware attacks on your pharmacy system, QS/1 offers a Remote Backup and Recovery Service. It offers automatic daily backups stored at two geographically separate data centers. The service encrypts transmissions using government-certified FIPS 140-2 AES and provides recovery services, including equipment replacement, data reloading, system configuration, and testing.          

Remote Backup is available for all QS/1 Pharmacy Management Systems. Each backup is monitored and confirmed to have transmitted correctly. QS/1 support is alerted if a backup doesn’t complete or if errors occur during transmission, and they’ll reach out to you to get the backup to resume properly. This provides confidence that if data is ever blocked or lost, it can be quickly restored in our virtual hosted environment and available for you to connect over the internet within a few hours. 

While it can be tempting to see attacks on your pharmacy management software as unlikely, recent government alerts, news headlines, and victims like the healthcare systems listed above would argue otherwise. QS/1 is here to answer your questions. For more details on our backup protection options, see this article.

Share this Post

Comments (0)