Ransomware is Becoming Smarter, But So Can You


On April 6, 2016, the Department of Homeland Security and the Canadian Cyber Incident Response Centre recognized the increasing danger of ransomware by releasing a special warning to health care facilities and other businesses.


“With the intent of educating, guiding and preventing abuses in the technology utilized by healthcare professionals and networks,” the warning stated, “The United States Computer Emergency Readiness Team (US-CERT), within the Department of Homeland Security and the Canadian Cyber Incident Response Centre, have jointly issued a special alert for both nations on the threat of ransomware and recent variants of the virus.

“The alert highlights the threat to the healthcare industry in the U.S. and worldwide, as well as threats to other businesses and individuals, outlining important steps to help organizations from falling victim to a ransomware attack, and guidelines for responding in incidents in which an organization is fending off ransom demands.”


Read on for a summary of the warning signs and precautions you need to know in order to avoid the devastating effects of being victimized.


What is Ransomware and How Does it Work?


Ransomware refers to malicious programs unintentionally downloaded from the internet that can encrypt or lock your computer’s systems until a demanded ransom is paid. Paying the ransom offers no guarantee that the virus will be removed, however.


In the process, you can jeopardize very important information and lose money and valuable time.


Warning Signs of Ransomware: Their Methods


This isn’t new wisdom: If you want to defeat your enemy, it helps to know how they think, what they are after, and the methods they use to get it.


Malicious actors, or those that send out the ransomware, love email. They can send you something with a convincing subject line and request that you open an attachment. Even a simple Microsoft word document can have embedded malware. More often than not, they will be compressed files that will release multiple viruses on your computer.


Actors have also posted convincing and dangerous links on social media. Instant messaging sites are a favorite of theirs. They often exploit vulnerable or outdated web servers. Their malware can be released by a simple click on a website; the bad programs will download and run without you ever knowing.


The impact can be widespread. When one company computer is infected, its specific data is the least of your worries. Many kinds of ransomware will penetrate the contents of shared or network drives and encrypt things the whole company depends on.


The Department of Homeland Security’s warning stated, “In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide.”


One example came just this year, and cost millions to remedy. Hollywood Presbyterian Medical Center in Los Angeles, California was targeted and the malicious actors were able to lock the hospital’s computer systems, debilitating the lab, the emergency room, and pharmaceutical orders. The hospital stumbled by for nearly a week, sending patients to other nearby hospitals, until they finally caved. They paid the ransom of $17,000 in Bitcoin, and luckily, their systems were restored.


This doesn’t have to happen. Another incident in Henderson, Kentucky at Methodist Hospital was overcome after a difficult weekend when the hospital restored all of its data with information stored and updated in backup drives.


So, how do you make your story like the hospital in Kentucky and not like the story of the hospital in California? Keep reading.


What can you do to prevent malware?


First and foremost, be an aware internet user. If it looks suspicious, don’t give it the benefit of the doubt. For more specific and effective safety nets you can set up, read the following:


  • Use application whitelisting. This will keep unapproved programs from running without you knowing. This is one of the most effective preventions.
  • Back up your data. Even if you have a whole company to back up, it is better than losing that entire database to one malicious actor. Test your backups regularly, this can limit the amount of data that can be encrypted and make recovery faster. Store them a separate device and offline if at all possible.
  • Don’t click “Remind Me Later” on your software update pop-ups. Out-of-date applications and operating systems are more vulnerable than you would think.
  • Update your antivirus software. This one is quite obvious, but easy to forget.
  • Scan all software downloaded from the internet before you execute it. A few extra seconds before a download can decrease your chances of being victimized significantly.
  • “Apply the principle of ‘Least Privilege’ to all systems and services.” In other words, restrict permissions.
  • Don’t enable macros from email attachments if you can help it. Block all emails from suspicious sources.
  • Don’t download email attachments from people you don’t know.


Please, for the safety of your company, don’t see this list as another to-do list that is worth procrastinating. Act now, protect your information, and stop these malicious actors.
To read the original article and/or access more resources to safeguard you, click here.

Leave a Comment

...with powerful health care and claims management systems to save them money.
We believe your investment in a health plan should be treated like any other aspect of your business, with upfront knowledge of the costs and all attempts to weed out waste. MBA saves employers more than nickels and dimes with many methods of management, including: Metrics Based Pricing: Why rejoice over a 30% discount on a claim that is 1000% too high? Metrics Based Pricing reduces claims to a “cost of service + reasonable margin” level by auditing claims for unfair markups and inaccurate or fraudulent billing. This results in an average $1500 per employee savings – AND WE DO IT WITHOUT RESTRICTIVE NETWORKS! Medical Management Services: Proven to reduce hospital admissions and the average length of stay. HealthSteps™: Wellness plans and initiatives that do make a difference in the overall health of your workforce and drive down health claims. Prescription Benefit Management: With an average reduction of 9.4%. Internet Prescription Bidding: Allowing employees to save up to 87%. Actuarial Projecting: The projection of benefit costs and savings is one of our underwriting core competencies. Go ahead – suggest benefit changes, add or drop a plan component, change eligibility: MBA will accurately determine the financial impact on the plan and offer suggestions to tweak the benefits to suit your objectives. We offer the facts then you call the shots.
We're neighbors you can talk to...
Where else can you get a direct line to a claims adjudicator, plan manager or even the President of the company? Only at MBA Benefit Administrators. We’re the big third party administrator for health plans with personal service that you can only wish others would provide. Like talking to a friend over a fence, we have that neighborly feel…but we provide world class advantages.
With “outside the box” flexibility in health plan administration…
Since 1987 MBA Benefit Administrators has successfully served large and small employers, public entities, associations, tribal nations, school districts, non-profit organizations and insurers. We have the capability to administer anything from single-plan 25-life groups to complex employee organizations with multiple medical, dental and vision benefits or employees in multiple states. We also provide a wide array of ancillary services such as COBRA and HIPAA administration and HSAs. When you discover:

  • The depth of our experience
  • The flexibility we offer in benefit design
  • Our commitment to technology to make your life easier
  • Our can-do attitude toward service


…we’re confident you too will see why MBA is a national leader in third party administrative healthcare benefits.

…and we prove real solutions do exist for escalating healthcare costs.
We’ve received national kudos for our multiple, proven strategies which reduce claims and plan costs without harmful benefit reductions for our clients’ employees. Proof of MBA’s effectiveness in this is in the numbers. Our clients see:

  • An immediate average reduction of up to 25% in maximum health plan costs the first year,
  • Flat renewals after that, and because of this and our commitment to impeccable service…
  • Our clients remain with us an average of 12 years…an unheard of accomplishment in the health insurance industry.
…and state-of-the-art technology for painless administration and integration of services, we make your life easier.
No one thinks about making your life easier and more efficient than MBA Benefit Administrators. Our technological investments are totally integrated across services so that employees and employers – with HIPAA-compliant and appropriate need-to-know safeguards – can view at a glance their standing for benefits, claims, plan reporting and other services. These advancements provide:

A Comprehensive On-Line Enrollment Wizard: Employee self-enrollment or HR department enrollment methods, including ancillary program enrollments and billings.

HR On-line Capabilities: View, adjust and approve on-line employee eligibilities; check claims status, print reports and plan documents all from one place.

Multiple Employee Access Channels: Employees can view on-line their claims status, eligibility and account balances of reimbursement plans such as HRA, HSA, Flex and Executive Reimbursement plans. In addition, we offer all employees our MBA App, where they can:

  • Carry a virtual ID card,
  • Check on the status of a claim,
  • Submit secure documentation to MBA,
  • Contact our support team,
  • …and more!

On-line Document Management: In one place view specific documents such as:

  • Plan Documents
  • Temporary ID Cards, and
  • Employee Communications and Forms

HSA Services Integration: MBA seamlessly integrates HSA plans with HealthEquity Services. Claims information is electronically transferred from MBA’s claims system to HealthEquity employee accounts. There is no need for paper claim filing or second-guessing the eligibility of expenses. Even employee eligibility is updated through MBA data feeds.

HRA Reimbursement Plans: MBA’s administration processes allow clients and their participants to rely on accurate and timely processing of reimbursements. Eligibility, billing and remittance of claims, integrated scanning and storage allow for real-time remote access.

Section 125 Flexible Spending Plans: MBA Benefit Administrators coordinates with employers to offer Section 125 Flexible Spending administration and help employees save money on medical expenses. Providing this benefit for your employees is like getting a 30% discount on Medical Premiums, uncovered medical expenses and dependent care.

COBRA Administration: MBA Benefit Administrators can handle all of your COBRA requirements. We will mail and track notifications, coordinate COBRA payments, receipts and reporting and ensure claims match “paid through” dates, plus give you on-line access to all activities.

At MBA employers are cared for too…
MBA goes the extra mile to ensure that as an employer your health plan does not complicate your life. We give you things like:

  • Business intelligence for advanced reporting and critical analysis of your plan’s performance, costs, payouts, claims analysis and large claims submitted for insurance.
  • Billing and Funding services integrated with enrollment, customized to your specifications and handled electronically.
  • Account balancing systems produce cost accounting reports and perform bank reconciliation activities, available for review at any time.
  • And the ability to review multiple reports regarding your plan; check registers, active employee reports, YTD recaps, claims reviews and lots more.