The global cyber-attack that hit the NHS in Scotland and England over the weekend was reportedly the largest in NHS history. As GPs and dentists logged on to their computers following the weekend, many were finding that they too had been targeted, resulting in a partial or complete shut-down of their practice until the issue can be resolved.
Naturally, many practices (as well as businesses beyond the healthcare sector) that haven't been targeted are still concerned about what they can do to limit their exposure to a potential hack. Below is a list of practical steps that you can (and should) take to make sure that you protect your practice as much as possible in these crucial next few days.
- Back up important data. The single most important thing you can do to mitigate the risks which ransomware can pose to your practice is to back up all data on a regular (ideally daily) basis. You can't be held to ransom for data which you hold somewhere else!
- Make sure your Windows updates are all fully installed and up-to-date. A security patch for Windows was released in March, and Microsoft have advised that businesses install this update immediately.
- Ensure your anti-virus is up-to-date and run a scan. If you don't have anti-virus protection, install it now from one of the reputable vendors. Most will come with an initial free trial period.
- Be careful what you click on. You should only click on emails that you are sure came from a trusted source.
- Don't log into personal emails on your work machines. It's most likely that your office emails are routed through a strong anti-virus/spam filter, but it's unlikely that your personal emails will have this protection.
- Avoid accessing social media or forum websites from work computers. These websites are more prone than others to hosting malicious software. Whilst the main platforms themselves may be safe, they often contain links to less secure sites that can contain malware.
- Do not click on links inside cookie banners. There have been reports of malicious software infecting machines through links contained in cookie banners that appear on most websites.
- Speak to your staff. Ensure that all of your staff are made aware of the risks faced and of these simple practical steps. If necessary, update your internal procedures to restrict access to certain sites, even if only in the short term.
Finally, if you have had the misfortune of having your network infected, do not do anything without first seeking specialist help. To date, many who have paid the Bitcoin ransom have not received the necessary code to get their files back. Experts are therefore advising those affected not to pay the ransom sum.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.