Preventing successful ransomware attacks with robust security measures is the best way to cope with this hacking epidemic. But if attackers are successful, covered entities (CEs) and business associates (BAs) should follow a ransomware recovery road map to make their way back to full operation.
Rebecca Herold, president of SIMBUS360 and CEO of The Privacy Professor, said that organizations with well-documented disaster recovery and breach response plans should follow them in the event of a ransomware attack. “Security programs should require encrypting data at rest, in transit, and at the point of collection and deletion,” she explained. “Sadly, fewer covered entities have such a well-documented plan than those who do not. And, an even greater percentage of business associates do not have such plans than those who do, even though having such plans is necessary for HIPAA compliance, as well as for effective risk management.”
Entities that have such plans in place, along with recent backups, can avoid making payments to cybercriminals, Herold said. Those organizations will be able to get their systems back up and running relatively quickly, and with little negative impact to the organization and the associated individuals, she said.
Roger Shindell, founder and CEO of Carosh Compliance Solutions, said organizations that have been breached have few good options. “If an organization is successfully attacked, remediation is too late,” he said.
The first thing to do if your organization falls victim to ransomware is attempt to remove the affected system from your network, Shindell said. Still, he added, “it’s probably too late to keep the malware from the rest of your systems.” The next step is to notify the FBI and the appropriate state agencies, he said.