Ransomware seems to be all over. It has become the bogeyman of the IT age. It could be hiding behind the internet window you have open right now! The threat is real, but you don’t have to live in fear. Ransomware does seem to find an easy target with hospitals and other medical facilities, but it can be stopped. So check under your bed and in the closet and let’s begin to take the necessary steps to protect ourselves against this threat.
First of all, what is ransomware? Ransomware is a cyber attack that locks you out of your network and other computer systems until a sum of money is paid. This is troublesome for anyone but it definitely is a terrifying situation for a medical office to be in. How are you going to treat your patients if you can’t see their files? When were they at your office last, what medications are they on, what allergies to do they have, etc. It leaves you and your patients exposed.
In January of 2018 Allscripts, one of the largest electronic health records (EHR) vendors, faced a major ransomware attack that crippled 1500 healthcare organizations. Clinics and patients alike felt violated and angry. There have even been class action lawsuits against Allscripts for not protecting themselves, therefore their clients and their client’s patients,
against this attack.
Allscripts hasn’t been the only medical target for ransomware. Medical facilities can be easy targets because they often do not train their employees on cybersecurity. They also tend to pay the ransom to avoid long delays which leave their patients exposed.
I know this is scary but don’t feel overwhelmed. You can protect yourself and your patients. Learn about cybersecurity and all the steps you can take. Teach your staff about phishing emails. Have backups of all your data. Research security firms. Do the preventative work now so you don’t have to clean up a giant mess later on. Ransomware is looking for easy access.
You can also avoid being the low hanging fruit for cyber predators by performing your security risk audit “SRA”. This is a requirement of HIPAA and a good business practice.
If you need help with the details of an SRA, Medical Practice Solutions is here to help you. Just click on the “Help Now” button on the top right of this page.