Preventing ransomware attacks from happening should be the top priority for every healthcare institution right now. Unfortunately, their limited budgets and less-than-stellar IT staff make that task a lot harder than need be. Providing guidelines is a good way to tackle this situation, albeit it may not yield the desired effect in the long run.
Training hospital staffers to spot a malware threat sounds great on paper, but it’s hard to achieve in real life. Most of the people working at a hospital are already overworked, and the last thing they need is more things on their plate. Limiting user access to account records is another option worth exploring, but it might create friction. If not everyone can access the document correctly, waiting for someone to come by with file access will only slow operations down.
One of the only ways to properly deal with a ransomware attack is by making regular system backups. The HIPAA guidelines touch upon this subject as well, as regular data backups are advised. Developing new security incident procedures, as well as reporting processes, are direly needed.
http://www.newsbtc.com/2016/07/16/hhs-issues-new-ransomware-guidelines-healthcare-sector/
