The good news is, in ophthalmology, there are many existing IT systems — in the form of patient administration software, optical coherence tomography(OCT) database, imaging database, shared files and records — available to help keep our practice simplified, organized and up to date. The bad news? All of these are vulnerable to ransomware attacks.
Recognize Your Foes
According to Dr. Marc Sarossy from Melbourne, the key vulnerability of this kind of attack comes through the Windows file-sharing system, a protocol that allows resources to be shared between computers on the network and through a single sign-on at the Windows prompt. This protocol is also used by the Linux and Mac systems.
“Ransomware is malicious software designed to encrypt user’s files. It targets backup and shadow copies and can evade or shut down antivirus software. It can be deployed through a targeted spear-phishing attack,” explained Dr. Sarossy. “Attacks can be in the form of direct attack, browser-based attack, email attack (which is the most likely vector) and Wi-Fi attack. A decrypter is usually available for a ransom of $50,000 to $100,000, although there’s no guarantee it will work,” he shared.
Next, Dr. Jason Ha from the Royal Victorian Eye and Ear Hospital, Melbourne, discussed email intrusions and how to build system resilience against cyberattacks.
“Nowadays, there are increasingly sophisticated cyberattacks coordinated internationally to target organizations and encrypt their data until a hefty ransom is paid,” he shared.
Acknowledge Your Allies
To help you keep safe from cyberattacks, Dr. Ha provided an email security checklist, which includes restricting mail access to trusted users; actively monitoring incoming and outgoing mail; enabling domain-based message authentication, reporting and conformance or DMARC (email authentication protocol that protects a user’s domain from unauthorized use); enabling domain keys identified mail or DKIM (which allows a receiver to verify that an email has actually come from a specific domain); and enabling sender policy framework or SPF (which enables a user’s email server to distinguish forged email/spam from legitimate email).
“Further measures include having robust spam filtering, attachment restrictions (so that only certain file types can enter), and a throttling policy. Perhaps, most importantly, the weakest link in the practice may be an individual that inadvertently presses on an attachment he shouldn’t have. Hence, it’s important to ensure there’s adequate employee training to prevent these types of attacks,” Dr. Ha advised.
Nevertheless, all these measures can only reduce the risk of a cyberattack but never fully mitigate it. According to Dr. Ha, there are other methods that are useful to prevent the propagation of malware once it has entered your practice, such as virtualization, which is the partition of a single physical server into several virtual servers.
“Other risk management techniques include having a written, printed-out disaster plan in case things go wrong, and having a backup system that does not rely on Windows file sharing,” he added. Ideally, it is good to have the backup stored in the location independent of the main server.
“The ophthalmology community is particularly vulnerable to cyberattacks, and complacency can lead to unwanted attacks. A cyberattack and subsequent recovery can cost a practice considerable time, money and stress. We urge you all to review your cybersecurity setups and speak to your colleagues about the importance of cybersecurity,” he remarked.
Editor’s Note: A version of this article was first published in Issue 2 of CAKE & PIE POST (52nd RANZCO Brisbane 2022 Edition). The 52nd Annual Scientific Congress of The Royal Australian and New Zealand College of Ophthalmologists (RANZCO Brisbane 2022) was held virtually from February 26 to March 1. Reporting for this story took place during the event.
