Healthcare IT Security

10 Steps to Take When (Not If) You're Hit With a Ransomware Attack

Krishna Kurapati
April 12, 2016

Ransomware. It’s become an almost weekly headline in the healthcare industry. Hospitals in California, Washington, D.C., Texas, and other areas of the country have found themselves at the mercy of hackers who can completely paralyze the IT infrastructure. What’s at stake? Patient care, Protected Health Information (PHI) of countless patients and reputation of the hospital. Phishing seems to be the main mode of attack, meaning that the opening of a single seemingly harmless email could put a healthcare organization on the hook for thousands, maybe millions of dollars if they don’t comply with the hacker’s demands. That cost doesn’t even include the possibility of severe HIPAA fines if any PHI is compromised.

Taking Action Against Ransomware

taking action against ransomware

As a health IT professional, what can you do if faced with a ransomware attack? Swift and immediate action must be taken as time is of the essence. Below are step-by-step instructions that your team should follow to limit the amount of damage caused by ransomware:

  1. Turn off Internet access through Firewall including VPN access.
  2. Disconnect the email server, then find and remove all ransomware emails.
  3. Lock all User Accounts on Active Directory so that users can no longer access the computers to block spreading of ransomware.
  4. Use Cloud-based Secure Texting service on Personal Smartphones to carry on care coordination. Use Texting, Images, Audio and Video to start collaborating on patient care to reduce errors in the absence of access to EMR.
  5. Ask clinicians to create secure texting conversation threads around patient names.
  6. Expire all Passwords (most importantly the IT Admin Passwords).
  7. Reimage computers infected by Ransomware.
  8. Turn on Active Directory and allow access to EMR internally.
  9. Turn on Internal access through Firewall.
  10. Finally, sync all patient-centric conversations from the Secure Texting service with EMR.

While containing and eradicating the ransomware, use the broadcasting feature of your secure texting service to update every one of the current statuses.

Are You Prepared for the Next Ransomware Attack?

If you need any help with establishing a Secure Texting Command Center for your healthcare organization, please do not hesitate to contact QliqSOFT. If you would like to learn more about how secure texting can be used as a disaster preparedness tool, schedule a free 30-minute demo HERE.

The Author
Krishna Kurapati

With over two decades of technology entrepreneurship background, Krishna Kurapati started QliqSOFT with the strong desire to solve clinical collaboration and workflow challenges in US Healthcare. During the late 90s, Krishna co-founded IPCell to build the first Cable IP Telephony switch, eventually selling the company to Cisco Systems. In 2003, he started Sipera (acquired by Avaya Systems) to solve security issues for Unified Communications' and raised over $30MM in venture funding. Additionally, he has been actively involved in the early-stage financing of startups in both the US and India.

Healthcare's Most Flexible Collaboration Platform

Engaging Patients and Connecting Care Teams Through Interactive Digital Conversations

Learn More