As a growing number of medical facilities are struck by ransomware, the US Department of Health and Human Services (HHS) has published a fact sheet describing how businesses that process electronic Protected Health Information (ePHI) should defend against and respond to ransomware.
Ransomware has become the weapon of choice for financially motivated cybercriminals. Individuals, hospitals, businesses, schools, police departments, and government agencies have all been victims of highly disruptive ransomware, resulting in ransom payments totaling at least $24 million in 2015, according to the DoJ and DHS. It doesn’t take much to start a ransomware campaign, and the returns can be extremely high. Fortunately, the steps to prevent ransomware from succeeding are equally simple and low cost.
By now, you’ve probably heard something about the ongoing legal battle between Apple and the Department of Justice. “DoJ v. Apple” coverage has been abundant, on blogs and TV news shows alike, but in case you haven’t here’s a quick recap. The FBI obtained the work iPhone of Syed Rizwan Farook, who, along with his wife Tashfeen Malik, murdered 14 people in a shooting rampage at a holiday party in San Bernardino, California. The government suspects that iPhone may hold critical information about the couple’s contacts in the weeks leading up to the attacks – contacts that may uncover future plots. They have a warrant, but they can’t access the data on the phone because it is using the strong encryption that comes with iOS 9 and up. Not even Apple can bypass the encryption, at least directly.