Ransomware prevention

Ransomware can encrypt your patient data and demand a ransom in order to give it back to you. Becoming infected with this type of virus is relatively easy, either you can browse to a website that is infected or download and open an email attachment that is infected. Limiting web browsing to business related activities and not opening unexpected email attachments are keys to preventing this type of infection. While your antivirus and updated network equipment help prevent ransomware infections there are a few more steps you can take… CRC has a few other recommended options we feel are highly important to help protect your businesses data from falling victim to a ransomware attack.


Antivirus on your router has become a necessary layer of protection for your office. Our techs can configure AV on your router as well as block the ransomware virus from reaching outside your network as part of the encryption process. Antivirus for the router can be purchased directly from DELL with the assistance from a CRC tech. Please email us at help@crctechs.com to ask about pricing and to get this configured for you. *Please note, CRC does not mark this up for resell. We feel this is an important addition to your security and will assist with the purchase.


Ransomware could be considered a breach and require HIPAA breach notification under some circumstances. If you do become infected with ransomware you may need to prove that the patient data was not acquired or viewed in reference to HIPAA CFR 164.402(2). CRC offers advanced web filtering that would help satisfy this need. It can log large amounts of data from specific workstations being uploaded to the internet. As a bonus, it can just allow certain websites to be accessed on the network so you have more control over staff internet browsing. This has a cost of $2 per workstation a month.


Aggressive spam filtering can be turned on for your Google Apps account. If you are using Google Apps for your email, please request this feature to be enabled. This will require a dedicated person from your office to check the admin quarantine for filtered email but it totally blocks spam and potentially infected email from reaching your office computers.


Non-PHI Email attachments that you are leery of opening can be checked at https://www.virustotal.com. This is a great site that scans a file with over 60 different popular virus scanners.


Lock down your remote access! If you are using LogMeIn for remote access to your office computers, make sure you have 2-Factor authentication enabled. This means along with your password to logon to your LogMeIn account, LogMeIn emails or texts you a secondary pass code or you have a app on your phone that generates a secondary passcode for you also.


If you have any questions or need assistance with any of the above recommendations, please email us at help@crctechs.com