SAFER self-assessment in regards to contingency planning gave moderate-to-good overall results but also offered insights on some of the glaring deficiencies currently presented in the system. One of these deficiencies is the lack of ransomware prevention strategies. As it stands, the state of awareness among hospital personnel in regards to viruses, email security, and other important components of online cybersecurity is lacking. The only advice given to employees on the job is a verbal warning not to open letters that are clearly spam or those coming from unrecognized individuals. However, this kind of advice, while common sense, does next to nothing to prevent ransomware and other malware from entering the system. Many scammers and hackers that target the hospital systems make letters appear as though they were sent by patients, medical subcontractors, and other seemingly legitimate sources with an effort to make the employee open them and download corrupted files.
In order to counteract and reduce the chances of malware entering the system, all employees must undergo a training program to improve their knowledge and capabilities to identify and prevent malware from entering the computer. Malware checklists must be issues and frequently implemented before opening and reading any email deemed suspicious. Antivirus programs must be updated frequently and include tools to check for faulty macros codes in Office documents. Finally, all users should be removed from administrative rights to minimize the amount of damage an individual computer could cause to the system. In short, the hospital needs a comprehensive ransomware prevention strategy instead of the existing protocols, which do not offer an adequate level of security.