How to Prevent a Ransomware Attack

by HIPAA HITECH Express | Feb 22, 2016 |

You likely heard last week about the ransomware attack on Hollywood Presbyterian Medical Center (HPMC) in California. As a result of the attack, the medical center was essentially locked out of its electronic health record (EHR) and other critical systems until it paid a ransom to the unknown hackers. For nearly two weeks, HPMC was forced to revert to maintaining paper records and sharing PHI by fax. Hollywood ultimately decided to pay the $17,000 in ransom and was provided the decryption key necessary to access its systems.

While ransomware attacks are relatively unheard of (or unreported) in healthcare, they have been steadily increasing in recent years and that trend is expected to continue. In light of HPMC paying the ransom, hackers may view healthcare organizations as soft targets and step up similar attacks. However, these attacks are not inevitable. Below are some tips to prevent a ransomware attack,

  • Always check who the e-mail sender is: If you see a suspicious message, check with the sender to ensure they actually sent the message. It is better to pick up the phone to confirm this, as the sender may be victim of a spam attack as well.
  • Double-check the contents of the message: Be extremely cautious of suspicious e-mails that contain factual errors or discrepancies. Also, be advised that spammed messages will often use social engineering lures to persuade the recipient to open.
  • Refrain from clicking links in e-mail: The general rule is to avoid clicking links in e-mails as much as possible. If you feel you must click a link, make sure your browser uses web reputation to check the link.
  • Backup, backup, backup: Once ransomware encrypts your data, there is no known way to decrypt the data without the key. Therefore, your best defense is to have accurate backups that follow the 3-2-1 principle (3 copies, 2 different media, 1 separate location). In the event a ransomware attack prevents you access to your data, you can simply resort to your most recent backup and carry on.


Compliance and security are complex, but they don't have to be hard to comprehend. Check out our resources page for more educational ebooks, presentations, infographics, and more!

View All Resources

Our resources are compiled by our experts here at QI Express. With backgrounds in information technology consultation, IT systems design, audits, law, and patient-facing clinical roles, our team is able to leverage a unique scope of experience to deliver the most comprehensive educational material possible.