Ransomware - mitigation advice

Ransomware is an increasingly prevalent threat, with a rising number of variants designed to target our computer networks. Accordingly, even before the ‘WannaCry’ ransomware attacks that recently affected many healthcare organisations globally, the Australian Digital Health Agency (the Agency) had taken proactive steps to defend against this type of attack.

In addition, to support the health sector more broadly, the Agency has developed and published Risk Mitigation Advice: Preventing and Recovering from Ransomware. These guides – one developed for the executive-level managers of medium to large health organisations, and one developed for IT practitioners within the health organisation – provide the information and advice healthcare providers need to prepare for and recover from a ransomware attack.

Check with your IT support provider that the usual security precautions are in place:

  • Make sure your software security patches are up to date. This particular ransomware variant exploits a vulnerability that Microsoft fixed in this patch.
  • Make sure that you are running up-to-date anti-virus software.
  • Back up your data somewhere else, and store it in a location that is not connected to your main computer system. You can’t be held to ransom if the data is available from another place – this is your best protection from ransomware. Are you sure that your backups are working? Restore from backup regularly to confirm that your backups actually work.
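One way to make the “are your backups working?” check concrete, as an added example that is not from the Agency’s guides: record a SHA-256 manifest of the files when the backup is taken, then compare a test restore against it and report anything missing, altered or unexpected. The directory names and sample files below are constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup sets do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file (relative to root) to its SHA-256 digest; taken at backup time."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a test restore against the manifest recorded when the backup was made.
    A clean result has three empty lists; anything else means the backup is not trustworthy."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "changed": sorted(f for f in manifest if f in restored and restored[f] != manifest[f]),
        "unexpected": sorted(set(restored) - set(manifest)),
    }


def demo() -> dict:
    """Constructed scenario: one file restored incorrectly and one stray file present."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "records").mkdir(parents=True)
        (live / "records" / "patients.csv").write_text("id,name\n1,constructed\n")
        (live / "notes.txt").write_text("sample note\n")
        manifest = build_manifest(live)                 # captured alongside the backup
        restored = Path(tmp) / "restored"
        shutil.copytree(live, restored)                  # stand-in for a real restore job
        (restored / "notes.txt").write_text("truncated\n")  # simulate a corrupted restore
        (restored / "stray.tmp").write_text("x")         # simulate an unexpected file
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print(demo())  # {'missing': [], 'changed': ['notes.txt'], 'unexpected': ['stray.tmp']}
```

Keep the manifest with the backup but outside the systems it protects, so a compromised host cannot rewrite the record it will later be checked against.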

Unsupported operating systems such as Microsoft Windows XP carry a heightened security risk. Where possible, unsupported operating systems should be upgraded to supported versions. However, if you are currently using Microsoft Windows XP, Server 2003 or an unsupported version of Windows 8, you should apply this patch Microsoft has released until such time as you are able to upgrade to a newer operating system.

Beware of risks associated with clicking links in emails or opening attachments (especially when they’re from an unknown email address). To reduce the risk:

  1. First, hover over the link with your mouse pointer and look at where the link is actually taking you.
  2. Take a second to think. Any link or attachment that is not from within your practice or immediate network, or from a recognised friend, should not be clicked. When in doubt, call or email (in a separate email) your friend or the organisation and ask them to confirm that the email is legitimate.
  3. Only click if you’re sure it’s safe.

For information, visit: