Protecting Your Pharmacy From a Ransomware AttackAugust 23, 2016

2

Justin Sotomayor, PharmD

Pharmacy Informatics Director, CompleteRx

2

Speaker

3

Consider these scenarios…

3

How could a ransomware attack affect you?

Scenario 11. Your ICU patient’s drip runs out2. The ADC is down3. You call pharmacy…no answer4. You’ve been hacked!5. What do you do?

Scenario 21. You’re entering pain medications2. Skull/crossbones flash on screen3. You’re instructed to pay or else!4. There’s no way to print a label5. What do you do?

4

What are ransomware attacks?• Ransomware is a form of malware which

restricts user access to whole operating systems or specific files on a system through encryption

• In ransomware attacks, hackers manipulate users into downloading malicious software, lock down their data, and then extort them for money (typically, bitcoin) for the “key” to unlock or decrypt it

• Pharmacies should pay special attention to ransomware attacks

4

Let’s take a step back…

What are bitcoins?• Open-source, peer-to-peer virtual

currency• Value increases and decreases

like stock • Private, tied to a bitcoin address

vs. a traceable entity

5

Typically…• Hacker targets user via phishing attack or “malvertising”

• User inadvertently downloads malware

• Hacker locks down user’s files or whole computer

• Ransomware may spread to connected files/computers

• User pays ransom or risks hacker destroying the files

5

How do ransomware attacks work?

6 6

How do you prepare for a ransomware attack?

Plan Prevent Maintain Respond

Proactively…

7

Develop a ransomware plan with elements, such as:• Downtime procedures

• Decision trees

• Roles and responsibilities

• Cybersecurity policies

• Strategic partnerships

7

Step 1: Plan

8

Prevent ransomware attacks via: • Authentication

• Antivirus software and firewalls

• Pop-up blockers

• Employee awareness

8

Step 2: Prevent

9

Implement ongoing cybersecurity best practices, such as:• Regular back ups

• Second line connectivity

• Strong passwords

• Software updates

• Employee education modules

9

Step 3: Maintain

10

Should an attack occur, take action:• Disconnect from the network and internet

• Disable file sharing

• Disable remote services

• Activate disaster plan

• Alert the authorities

10

Step 4: Respond

11

When it went wrong:• Kansas Heart Hospital was hit the week of May 22• It lost access to critical files for several days• It paid the ransom, and the hackers asked for more!

When it went right:• You’ll never hear about it• Proper safeguards = business continuity = no press!

11

Case Study: A Tale of Two Hospitals

12 12

Let’s revisit those initial scenarios…

Now what would you do?• Quarantine infected machines

• Deploy paper documentation

• Override ADC machines, as necessary, to retrieve patient medication

• Pull archived MARs, and deliver them to nursing units

• Schedule pickup of paper orders

• Work with IT to wipe machines/upload a backup of the EHR to the server

• Once tested, bring the system back online

• Send paper documentation to pharmacy and other areas

• Enter data into EHR

13

Questions? For more information:• Visit our website: www.completerx.com

• Follow us on Twitter: @CompleteRx

• Or on Facebook: www.facebook.com/completerx

• Keep in touch: knowledgeseries@completerx.com

13

Thank you!