Your people are the last - and best - line of defense against ransomware attacks.

5 best employee practices for defending against ransomware


Ransomware is one of the most aggressive and damaging types of cybercrime that home health agencies can face. Through this method of attack, cybercriminals block access to a provider’s data and files and then demand a hefty ransom for their return.

Hackers mainly exploit human nature to infect a network with ransomware. One of the most common ways an attack is facilitated is through tricking healthcare staff into downloading malicious email attachments. With just one innocent click, ransomware can be enabled and the computer network of an entire organization is thrown into jeopardy.

ransomware Think twice before you click.

Your people are the last – and best – line of defense against ransomware attacks, and should be trained to identify the warning signs of the crime. Here are five important best practices to share with your employees for defending against ransomware attacks:

1. Don’t download any email attachments from senders you don’t recognize 
Cybercriminals disguise ransomware in attachments that seem to be legitimate documents – for example, the files may be made to look like invoices or patient care charts. A good rule of thumb is to avoid downloading attachments or click links in emails that are sent from senders you do not recognize, and follow the step below if you believe they may possibly be legitimate.

2. Verify senders in real life 
If you receive an email from a sender you don’t recognize, or that contains attachments you weren’t expecting, double-check with the sender in real life. For example, if the email address appears to be from another provider, call that organization an speak with employees there to verify the message. If a co-worker sends you documents out of the blue without context, check with them in person that they meant to send the materials.

3. Watch out for ‘off’ language or tone 
Look out for any emails that contain suspicious-sounding language. If the sender of the email is your boss or colleague, but the tone is unusual for that sender, this could be a sign of a fake email embedded with ransomware.

4. Back up data regularly 
Your IT resource – internal staff contractors – should be backing up agency data onto external servers that are not connected to your organization’s main network. This is one of the best defenses against ransomware, as in the event that network access is blocked, the system can be restored.

5. Be wary of macros 
In many ransomware attacks, when a person clicks on an email attachment, they will be prompted to enable macros. It is often through this enabling of macros that the ransomware is kick-started. If attachments ask you to enable macros, double check with IT staff or managers before clicking “Yes.”