When patient care relies heavily on real-time access to medical records and communication systems, malware that destroys or locks data can have devastating consequences. Destructive malware’s ability to spread rapidly across networks can affect individual workstations as well as central servers and their backups. Combined with the outdated systems many organizations still run, the long-term damage of these attacks is felt by both patient and provider.
What is destructive malware?
Destructive malware is malicious software specifically designed to harm, corrupt, or delete data in an organization's systems. Unlike traditional malware, destructive malware is used to disrupt operations by rendering data or systems completely unusable.
According to a CISA news story on the topic, “Destructive malware may use popular communications tools to spread, including worms sent through email and instant messages, Trojan horses dropped from websites, and virus-infected files downloaded from peer-to-peer connections.” What makes it particularly dangerous is its ability to target and damage infrastructure necessary for basic operations.
How to handle destructive malware
Proactive prevention
Preventative measures are the first line of defense. These measures include the use of security practices like:
- Network segmentation divides networks into isolated segments to prevent malware from spreading.
- Patch management allows for the regular updating of systems and software to ensure vulnerabilities are closed before malware can exploit them.
Rapid detection and response
Real-time monitoring systems and intrusion detection systems (IDS) can spot unusual network traffic or unauthorized access attempts that may signal an infection. When paired with anomaly detection tools, organizations can quickly discover and address unexpected behaviors in network activity or file system modifications associated with destructive malware.
File integrity monitoring and version control
Since destructive malware often targets important files, file integrity monitoring tools can be used to track changes in these files. Regular backups and version control of applications and files allow healthcare organizations to restore clean versions quickly.
Incident response and forensics
An effective incident response plan consists of several components, including:
- The first step is containment. This requires the isolation of infected systems to prevent further damage.
- Next comes the forensic investigation used to determine the scope of the attack, identify the malware strain, and assess the impact on protected health information (PHI).
FAQs
What is ransomware?
Ransomware is a type of malicious software that locks or encrypts a victim’s data.
Is there a difference between cyber threats and ransomware?
Yes. Cyber threats refer to any potential risks to a system's security, while ransomware is a specific type of cyber threat involving encryption and locking data for ransom.
Should patients be notified about potential data breaches?
Yes, patients should be notified if their PHI is compromised.