(281) 816-6430    Get SUPPORT

SouthBridge Consulting Blog

Ransomware Shuts Down Doctors’ Office - Is Your Business Protected?

Ransomware Shuts Down Doctors’ Office - Is Your Business Protected?

Let me ask you a question… let’s say that you’re about one year from your projected retirement, when a ransomware attack encrypts all of your files. What do you do? Pack it in and retire early? This is precisely the situation that the practitioners of Brookside ENT & Hearing Services of Battle Creek, Michigan, have found themselves in - and it may not be over yet.

What Happened to Brookside ENT?

Typical of a ransomware attack, the malware began by deleting and overwriting all of the practice’s data - every medical record, bill, and upcoming appointment. A duplicate of each file was left behind, locked behind a password that the person or persons responsible promised to provide in exchange for a $6,500 wire transfer.

Under the advisement of an “IT guy,” Dr. William Scalf and Michigan state senator Dr. John Bizon didn’t pay the ransom, as they couldn’t be sure that the password would even work, or that the ransomware wouldn’t return in the near future. As their IT resource determined that the attacker hadn’t actually viewed any of the records, this event technically didn’t need to be reported as a breach under the Health Insurance Portability and Accountability Act (HIPAA). Nevertheless, without access to this data, the physicians saw little choice than to retire early.

Well, kind of. As they had no means of knowing who had an appointment scheduled, the physicians had little choice than to wait around the office for a few weeks and see whomever showed up.

Why Throwing in the Towel May Not Be Enough

From a purely academic point of view, it only makes sense that the medical industry would be one targeted by ransomware. Not only do its establishments rely greatly on the data they have stored, there is an urgency to this reliance that cannot be denied. Think about the possible ramifications if a medical practitioner was unable to properly diagnose a patient and recommend treatment because of some unavailable data.

Of course, the strategy that Brookside ENT has adopted to close up shop doesn’t leave its owners off the hook, either. They could still find themselves in plenty of regulatory hot water.

For instance, a ransomware attack (paid or not) could be considered a reportable incident under HIPAA, or even an instigation of a negligence-based legal action. Any patient could invoke HIPAA rules if their data was in digital form and have an investigation started by the Department of Health and Human Services’ Office of Civil Rights, simply by leaving a complaint.

How You Can Protect Your Business from Ransomware

While the best way to keep your business safe is to be able to spot ransomware infection attempts before they successfully fool you into allowing them on your system, statistically, you aren’t going to be able to spot all of them… so what can you do?

One great resource you have available to you is your team. Each uneducated user offers ransomware another way in, but each educated user is another shield to help protect your business.

You should also develop and maintain a comprehensive backup plan to help protect your data from ransomware attacks and other attempts against it. While it would be ideal to not need to use this backup, it would be far less ideal to need one and not have it. Make sure that you keep your backup isolated from the rest of your network as well, so that your backup isn’t also encrypted by a ransomware attack.

At SouthBridge Consulting, we have plenty of experience in mitigating the damage that ransomware can cause, as well as in solving various other IT issues. For assistance with any of your business’ IT needs, reach out to us at (281) 816-6430.

How to Plan Your Data Storage Needs
Taking a Look at a Manufacturer’s IT
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, May 19 2019

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Best Practices Productivity Tech Term Internet Data Business Computing Privacy Business Hosted Solutions Email Cloud Data Backup Malware Network Security IT Support Cloud Computing Hackers IT Services Efficiency Business Management Google Hardware Android Server Mobile Devices Encryption Computer Small Business Paperless Office Software Windows 10 Innovation Upgrade Outsourced IT Communication Collaboration Workplace Tips Artificial Intelligence User Tips Managed IT Services VoIP Microsoft Holiday Passwords Data Recovery Ransomware Browser Managed Service Office 365 Government Saving Money Quick Tips Smartphones Chrome BYOD Healthcare Infrastructure Two-factor Authentication Document Management Phishing Wi-Fi Communications Vulnerability Applications Business Technology Blockchain Information Bandwidth Employer-Employee Relationship Website Scam Backup Remote Monitoring Smartphone HIPAA Social Media Mobile Device VPN Automation Antivirus Mobile Security Bring Your Own Device Compliance Management Access Control Network Machine Learning Business Continuity Managed IT services IT Management Cybersecurity Managed Service Provider Internet of Things Maintenance Router Microsoft Office Data Management Cooperation Tablet Gmail Storage Customer Service Staff Disaster Recovery Enterprise Content Management Professional Services Multi-Factor Security IT Technicians How To Permission Shared resources Computing Computing Infrastructure Identity eWaste Features Security Cameras Printer Money Smart Tech Authorization Settings Options Virtualization Break Fix Virtual Reality Cookies Development Voice over Internet Protocol Legislation Fraud Hard Drive Consulting Downtime Spam Smart Technology Social Networking Unified Communications Help Desk Vendor Management Wireless Server Management Assessment Employee-Employer Relationship Test File Sharing Comparison Alerts Patch Management Private Cloud Mobile Device Management Microsoft Excel Connectivity Employees Transportation Managed Services Provider Tech Terms Nanotechnology Cables Instant Messaging Net Neutrality Remote Computing Cache Firewall Motherboard Office Risk Management Mirgation Internet Exlporer Remote Workers OneDrive Specifications Electronic Health Records ROI IoT Remote Monitoring and Management Point of Sale Theft Wires Finance Windows 7 Augmented Reality Hotspot Tech Support BDR G Suite Bookmarks Wasting Time RMM Manufacturing Black Friday Licensing Regulations Company Culture Files Notes Apps SharePoint Data Security Star Wars Zero-Day Threat Chatbots Network Management E-Commerce Financial Dark Web App Facebook Analytics The Internet of Things Mouse Language Gadgets Distributed Denial of Service Chromebook Favorites Windows Google Calendar Permissions Monitoring Electronic Medical Records Hard Disk Drives Customer Relationship Management Cyber Monday Data loss Managing Stress Read Only PowerPoint Downloads Cost Management OneNote Human Error Teamwork Identity Theft Recycling Save Money Social Wearable Technology Screen Reader Authentication Networking Users Managed IT Service Modem Vulnerabilities Politics Database Operating System Solid State Drives Printers Miscellaneous Mobile Office Domains Hard Drives Windows 10 Search Regulation Wireless Internet Public Speaking Presentation Lithium-ion battery Education Cortana Wireless Technology 5G IBM Safety Students Marketing Hacker Criminal Justice Productivity Budget Hiring/Firing Alert Competition IP Address Big Data Fun Twitter