News$17,000 in Ransom Paid by a Health System in LA. Is this a Hollywood movie or Modern-day Pirates?

By Jeremy Kauten, chief information officer, VGM Group, Inc.

Every CEO or business owner is likely asking their IT staff, “Can this happen to us?” And the answer isYES, whether they admit it or not. Hackers steal private patient information and then request ransom for its return. And yes, an event like this just happened to Hollywood Presbyterian Medical Center in Los Angeles.

This type of attack is often referred to as “ransomware,” which is spread through a virus or malware type tactic in order to infect a computer network and “encrypt” data, files or databases and lock the information so that it is inaccessible. The only way to retrieve the information is with the encryption key or “passcode” set by the hacker. The hacker requires a bounty or ransom fee in trade for the encryption key.

How can something like this happen to your business? 

This type of attack is deemed as a low-level attack. It is typically spread through a link on an infected website, an e-mail with an attachment or something as simple as an employee being tricked into clicking a malicious link from a document perceived to be from a trusted source.

What can you do to protect yourself?

1. Buy cyber liability insurance - If you protect your business from flood, fire and vandalism, you should protect it from hackers as well. Right now it is relatively inexpensive for an adequate cyber liability insurance policy. VGM Members receive special pricing from www.vgminsurance.com.
2. Invest in a managed firewall appliance (router) - A “must have” for cybersecurity is a managed firewall appliance. The difference between a managed router and an unmanaged router is that the managed appliance will have an ongoing subscription fee, which keeps the device updated on a regular basis to protect a network from new viruses or hacking tactics. If you have an older router or a router that is not on a monthly or annual subscription, it is likely a threat to your business. VGM Members receive discounts from a trusted partner – Border Patrol, which can be found at www.ACESBorderPatrol.com.
3. Back up your data – For this type of breach (ransomware), having good backups of your data can protect you. If your data were to be compromised, you can restore to a previous version of the data. It is possible a ransomware attack could destroy your backup files. Having a proper data backup plan is crucial to protecting your data. Security experts suggest implementing “backups of your backups.”
4. Update systems – Keeping your antivirus and malware software updated on all of your systems is crucial. Windows updates and general software updates are also key to preventing a breach. Most breaches that take place could have been prevented by having updated software and updated protection services.
5. Protect mobile devices – Many employees may have access to your corporate network or email through a smart phone, tablet or laptop. Be sure that you have a mobile policy, and require all devices to have a passcode at all times. Added protection can be from mobile device management (MDM). Two examples of MDM software to help protect mobile devices are www.AirWatch.com  and  www.mobileiron.com.

Protecting your business against cyberhackers is a never-ending process. Review what you spent last year on IT security, and increase it each year. If you spent nothing last year and didn’t get hacked, don’t continue playing Russian roulette with your business.