If your facility’s computers are infected with ransomware, you should report the incident immediately to your FBI Field Office Cyber Task Force or Secret Service field office, according to technical guidance developed by the departments of Homeland Security, Justice, and Health and Human Services summarizing best practices to prevent and respond to ransomware. (The guidance is available online at http://bit.ly/2966w4T.)
For information on contacting the FBI office, go to http://bit.ly/2blgpxu. For information on contacting the Secret Service, go to http://bit.ly/2cb5OGT. The agencies also advise going to the FBI Internet Crime Complaint Center at http://bit.ly/1eTje5I.
Should you pay the ransom? No, according to a joint alert from the U.S. Department of Homeland Security and the Canadian Cyber Incident Response Centre. “Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information,” the alert says. “In addition, decrypting files does not mean the malware infection itself has been removed.” (The alert is available at http://1.usa.gov/1RBQRWD.)
Ellen M. Derrico, MBA, a marketing/market development executive in healthcare and life science technologies and an independent consultant in West Chester, PA, says, “Many experts are writing, blogging, and speaking on why it is better to not pay the ransom — ‘don’t negotiate with terrorists.’ But in healthcare, where innocent lives may be at risk if the system goes down and they are in a critical situation — coding, ICU, ED, or OR — then you need to be able to move fast.”
Because every second counts, “it is so critical to know where you stand and know which decision to take, based on your organization’s ability to sideline the ransomware attack,” Derrico says.
Have your plan ready. “The key is when it does happen, how fast can you detect and shut it down, quarantine the rest of your network and devices?” Derrico says. “If you are ready for it and you have a solid plan B to quarantine affected devices, areas of the network, systems, etc., you have everything backed up and accessible somewhere else — the cloud for example — and your people can move fast so as to not put any patient at risk, then don’t pay the ransom.”
If you aren’t able to quickly stop the spread of the ransomware and you don’t have a plan to be up and running again in seconds, “then you have to consider paying the ransomware quickly, before the criminals move on and are gone, and before patients are adversely affected,” she says. “The trick here is, again, to know where you stand.”