Ransomware may have made its nightmarish debut into the healthcare sphere less than a year ago, but sectors like finance and the federal government have been wary of its dark potential for far longer. In light of the growing threat, the Federal Trade Commission is planning an informational workshop about ransomware for Sept. 7 in Washington, D.C.
"With alarming frequency, ransomware hackers are sneaking into consumer and business computers, encrypting files containing photos, documents and other important data, and then demanding a ransom in exchange for the key needed to decrypt the files," an FTC announcement reads. "At times, these hackers pose as the FBI or other law enforcement officials and claim that the ransom is a 'fine' for viewing illegal material and that failure to pay the 'fine' will result in criminal prosecution."
Types of ransomware are also evolving, with new iterations having the potential to reach beyond a network, like a hospital's EHR, for example, and infect all of the mobile devices attached to it. Thus far, no causal link has been established between a ransomware incident at a hospital and an impact on patient care, but it stands to reason that locking physicians and staff out of the systems that have the most up-to-date information necessary to ensure patient safety will result in patient harm at some point, if it hasn't happened yet.
The workshop will address the following, according to the FTC:
- How do ransomware extortionists gain access to consumer and business computers?
- What role can consumer and business education play in preventing ransomware infections?
- Are there steps consumers and businesses should be taking to reduce the risk of ransomware or to decrease its impact?
- Are there technological measures that computer operating system and web browser designers can take to prevent ransomware?
- Are there browser plug-ins or other tools that consumers and businesses can employ that will warn if their data is about to be encrypted?
- What can be learned from criminal law enforcement's efforts to combat ransomware?
- If you fall prey to ransomware, should you pay the ransom?
- If you pay the ransom, how likely are you to receive the decryption key and be able to view your files?
- What happens if you don't pay the ransom? Are your files lost forever?