Visit our Clinical Hub ยป
11 April 2016
print version

Q. What is ransomware?

A. Ransomware is a nasty piece of code that prevents you from using your PC until you pay money to the hacker. Basically it means that your computer and its files have been compromised. Your files may be encrypted, so that you cannot access them, or they may have been removed, with the threat of releasing them to the internet. It is a catastrophic situation for a general practice.

There is a recent account in the New York Times of a small hospital in Los Angeles that had its patient records encrypted and was forced to pay a ransom of $17,000 to have them released. Go to and search for 'ransomware'. Common types of ransomware were found on more than 850,000 PCs running Microsoft security software between June and November 2015.

Measures to prevent a ransomware attack can be divided into technical and people aspects. On the technical side:

  • Ensure your operating system is up to date and all security patches are in place
  • If some of your computers are running Windows XP, then update the operating system on the computers or replace them with new computers
  • Ensure you have up to date antivirus software
  • Back up your files regularly

On the people side of malware prevention:

  • Put in place a practice policy on appropriate usage of the internet. There is a policy document available on the GPIT website, in the publications and reports section, see
  • Don't use the practice computers or networks to do anything personal, for example web browsing, shopping, booking flights, Facebook or Twitter
  • Avoid clicking on links in emails or opening attachments from people you don't know
  • Consider cutting down on regular email at work and increasing your use of Healthmail, secure clinical email,
  • Be wary of USB flash drives carrying infection
  • Don't stream sports events illegally on your laptop
  • Don't let your children use your work computing devices
  • Separate your personal computing from your work computing

It seems likely that most cases of ransomware are initiated by people visiting a compromised website or clicking on a link in an email. The internet is a scary place. If you do get compromised by ransomware you need to engage the assistance of an information security company and report the breach to the office of the Data Protection Commissioner.