News that the recent ransomware cyberattack targeted hospitals and health care networks causes worries about the safety of medical data. What records are susceptible to attack? The cyberattackers who encrypted the data on computers and held it for ransom weren’t after medical records or other personal information. They wanted the ransom. But in the United Kingdom, some emergency rooms were shut down, and treatments were delayed because medical staff couldn’t access patient records. That’s scary. The next threat could be, “Pay us or we will not give you access to your data, and we will sell it to the bad guys.” That kind of attack will be here shortly, if it’s not here already.
Are U.S. consumers vulnerable? Yes. This ransomware went viral. It had the ability not only to encrypt data on the machine it infected but also to search for other machines on the network that it could access and encrypt.
How can we protect ourselves? Keep your operating system up to date. Microsoft, Apple and others issue updates in order to close holes that could cause trouble. You need to upload them to your PC. Many people don’t, or they’re using obsolete versions of Windows, such as XP or Vista, that leave them vulnerable to cyberattacks. Back up files once a month by saving them to the cloud, an external hard drive or a memory stick. There is no such thing as 100% protection, so back up your data.
What if you’re already a target? There’s no assurance you’ll get your data back even if you pay. But computer scientists have figured out how to unlock your data from some ransomware. Search the web for unique words in your ransomware note to see if a free decoder is available. It doesn’t always work because data that the decoder needs may no longer be on your hard drive. But you can try.
What about attacks that do target personal info? Is my medical data at risk? If you have health insurance, someone can steal your identity to assume your benefits. But there are things you can do. Treat medical ID cards like ATM cards. Don’t leave them lying around. When you get an explanation of benefits letter in the mail, make sure you had the services described. If you don’t get an EOB, it might mean the bad guys got into the insurer’s system and changed your mailing address and e-mail. Call your insurer right away.