What is Ransomware, and How Can You Stop It?

As part of Kareo’s commitment to educating our customers on how to keep their patient data safe, this article is part one of a two-part series in August on protecting data in your practice.


Ransomware, a type of malicious software or malware, encrypts a victim's data. When the user or organization’s critical data is encrypted, it becomes impossible to access files, databases, or applications. The attacker then demands a form of ransom to enable access. After the ransom is paid, the attacker sends a decryption key to restore access to the victim's data. The ransom can range from a few hundred to millions of dollars.

Join us for our Security webinar on August 25, 2021 at 10 am PST. You can register here.


Ransomware is often designed to spread across a network and target database and file servers. Then it can quickly paralyze an entire organization and compromise the privacy of individual data.

What is growing more common, according to Kareo’s Information Security Manager, Jesse Salmon, is Ransomware as a Service (RaaS). This is a business model used by ransomware developers, in which they lease ransomware variants in the same way that legitimate software developers lease Software as a Service (SaaS) products.

RaaS gives everyone, even people without much technical knowledge, the ability to launch ransomware attacks just by signing up for a service. RaaS kits allow malicious actors lacking the skill or time to develop their own ransomware variants to be up and running quickly and affordably.

Ransomware cases have been on an upward trend since 2016 and now account for 5 percent of total data breach incidents with 10 percent of those breaches involving ransomware, according to the Federal Bureau of Investigation (FBI). Some experts believe that this is because attackers have adopted the tactic of stealing the data and publishing it instead of just encrypting it.

There are several ways that the ransomware gets on the system, with the attackers having strong preferences that can be broken into several vectors. The first vector is through the use of stolen credentials or brute force. About 60 percent of the ransomware cases involve direct installation, or installation through desktop sharing apps. The rest of the vectors are split between e-mail, network propagation and downloads from other malware.

Nearly 7.8 percent of organizations attempted to download at least one piece of known ransomware last year. For these types of incidents and breaches, servers are being targeted, because the data is located there.

In Salmon’s webinar on August 25, he will share his top cybersecurity tips and additional insights, including ways to spot and stop ransomware attacks, especially while providing remote care delivery services. He believes that 63 percent of data breaches come from third-party providers in the healthcare industry.

Four out of five healthcare organizations surveyed for a report released recently have experienced a cybersecurity breach precipitated by a third-party vendor over the past 12 months, according to Healthcare News. Providers are focused on patient care, but they also need to have safeguards for their data.

Since the beginning of the COVID pandemic, there has been a threefold increase in ransomware attacks, especially among smaller operations. Kareo blocks hundreds of these attacks per year, according to Salmon.

Spotting and stopping ransomware are critical to keeping data safe. Stopping and protecting against ransomware is a five-step process, Salmon said.


The first step is identification. Stay aware of threats. Kareo plans to publish more blog articles to make sure customers understand the threats of ransomware and stay safe.

The second step is taking preventative measures. Customers need to know how to harden their networks, keep changing passwords and make sure their systems are updated and patched.

The third step is monitoring to determine who is looking at e-mails is a major time investment but also a HIPAA requirement. “Find the time, familiarize yourself with the process and do it,” Salmon advised.

The fourth step is responding to the the ransomware attack. When something happens, the organization has to respond. There may not be enough time for the organization to respond to the activity, so the organization has to prepare for the event.

Lastly, there is system improvement. An organization may have to let go of the data affected, so it is important to have offsite backup capability. Using Kareo software provides that backup.

Kareo’s information security team maintains technical safeguards to protect patient data against ransomware and other issues. It enables customers to maintain confidentiality, integrity, and availability in the face of ransomware attacks. Third-party certification gives you the confidence that impartial security assessments have been performed and show that your systems are free of ransomware.

Protect yourself because a data breach can happen to any practice or business. To register for our upcoming August 25 webinar on data security protection, register here. For more details on how Kareo keeps each customer's  patient data safe, visit us at Kareo.com/security.

About the Author

Ilene Schneider, owner of Schneider the Writer, provides communications support to health care, technology, educational and service enterprises. Ilene has an extensive...

Subscribe to Our Newsletter!

Enter your email address to receive "Go Practice" as an email newsletter.

Kareo and PatientPop are now Tebra

The digital backbone for your practice success.

The combined power of Kareo and PatientPop

As leaders in clinical, financial, and practice growth technology, Kareo and PatientPop have joined forces as Tebra to support the connected practice of the future and modernize every step of the patient journey. Learn more