Get Started Today!  (415) 295-4898

croom new

415 IT Blog

Ransomware Shuts Down Doctors’ Office - Is Your Business Protected?

Ransomware Shuts Down Doctors’ Office - Is Your Business Protected?

Let me ask you a question… let’s say that you’re about one year from your projected retirement, when a ransomware attack encrypts all of your files. What do you do? Pack it in and retire early? This is precisely the situation that the practitioners of Brookside ENT & Hearing Services of Battle Creek, Michigan, have found themselves in - and it may not be over yet.

What Happened to Brookside ENT?

Typical of a ransomware attack, the malware began by deleting and overwriting all of the practice’s data - every medical record, bill, and upcoming appointment. A duplicate of each file was left behind, locked behind a password that the person or persons responsible promised to provide in exchange for a $6,500 wire transfer.

Under the advisement of an “IT guy,” Dr. William Scalf and Michigan state senator Dr. John Bizon didn’t pay the ransom, as they couldn’t be sure that the password would even work, or that the ransomware wouldn’t return in the near future. As their IT resource determined that the attacker hadn’t actually viewed any of the records, this event technically didn’t need to be reported as a breach under the Health Insurance Portability and Accountability Act (HIPAA). Nevertheless, without access to this data, the physicians saw little choice than to retire early.

Well, kind of. As they had no means of knowing who had an appointment scheduled, the physicians had little choice than to wait around the office for a few weeks and see whomever showed up.

Why Throwing in the Towel May Not Be Enough

From a purely academic point of view, it only makes sense that the medical industry would be one targeted by ransomware. Not only do its establishments rely greatly on the data they have stored, there is an urgency to this reliance that cannot be denied. Think about the possible ramifications if a medical practitioner was unable to properly diagnose a patient and recommend treatment because of some unavailable data.

Of course, the strategy that Brookside ENT has adopted to close up shop doesn’t leave its owners off the hook, either. They could still find themselves in plenty of regulatory hot water.

For instance, a ransomware attack (paid or not) could be considered a reportable incident under HIPAA, or even an instigation of a negligence-based legal action. Any patient could invoke HIPAA rules if their data was in digital form and have an investigation started by the Department of Health and Human Services’ Office of Civil Rights, simply by leaving a complaint.

How You Can Protect Your Business from Ransomware

While the best way to keep your business safe is to be able to spot ransomware infection attempts before they successfully fool you into allowing them on your system, statistically, you aren’t going to be able to spot all of them… so what can you do?

One great resource you have available to you is your team. Each uneducated user offers ransomware another way in, but each educated user is another shield to help protect your business.

You should also develop and maintain a comprehensive backup plan to help protect your data from ransomware attacks and other attempts against it. While it would be ideal to not need to use this backup, it would be far less ideal to need one and not have it. Make sure that you keep your backup isolated from the rest of your network as well, so that your backup isn’t also encrypted by a ransomware attack.

At 415 IT, we have plenty of experience in mitigating the damage that ransomware can cause, as well as in solving various other IT issues. For assistance with any of your business’ IT needs, reach out to us at (415) 295-4898.

How to Plan Your Data Storage Needs
Taking a Look at a Manufacturer’s IT


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Sunday, May 19 2019

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Technology Best Practices Productivity Business Computing Data Backup Privacy Hosted Solutions Network Security Cloud Data Recovery Email Tech Term Malware IT Support Data Software Business Outsourced IT IT Services Innovation Hackers Internet Managed IT Services Small Business Business Management Cloud Computing Ransomware Mobile Devices Paperless Office Android User Tips Efficiency Google Windows 10 Encryption Upgrade Collaboration Hardware Computer Phishing Communication Remote Monitoring Server Business Continuity Vulnerability Managed Service Provider VoIp Microsoft Passwords Data Management Managed IT Applications Browser Workplace Tips Artificial Intelligence Backup Office 365 Holiday Business Technology Communications Smartphones Internet of Things Managed IT services Tip of the week Information Cybersecurity Compliance Smartphone Antivirus Employer-Employee Relationship Project Management Saving Money Managed Service Disaster Recovery Scam Wi-Fi Document Management Government Mobile Device Bandwidth Healthcare Website BYOD Automation Microsoft Office Vendor Management IT Management Blockchain BDR Data Security Infrastructure Customer Relationship Management Chrome Social Media Router Two-factor Authentication Analytics Quick Tips VPN Save Money Unified Communications Server Management Files Access Control Gmail Proactive Virtual Private Network The Internet of Things Company Culture Cooperation Risk Management Windows Help Desk Assessment Word Remote Monitoring and Management IoT Software as a Service Net Neutrality Regulations Network Management Patch Management Management File Sharing Tablet Employees Internet Exlporer Smart Technology Data Loss Facebook Storage Alert Bring Your Own Device HIPAA Redundancy Maintenance Network Unified Threat Management Remote Workers Machine Learning Networking Mobile Security Search Distributed Denial of Service MSP Smart Tech Finance Mobility Legislation Unified Threat Management Point of Sale Mobile Tech Terms Conferencing Development Bluetooth Database Shortcut Proactive IT Recycling RMM Recovery Hard Disk Drives Specifications Motherboard Chromebook Printing Notes Operations IT Technicians Cost Management Human Error Digital Payment Hotspot Managed IT Service Lenovo Connectivity Authentication E-Commerce Theft Black Friday Samsung Cookies Meetings Cables Voice over Internet Protocol IT Consulting Migration Monitoring eWaste Electronic Medical Records Gadgets Solid State Drives Vulnerabilities Remote Worker Avoiding Downtime Websites PowerPoint Money OneNote Permission Mouse Language SharePoint Break Fix Superfish Authorization Teamwork Mail Merge User Error Features Managing Stress Financial Cyber Monday Staff Nanotechnology Politics Wires Windows 7 Permissions Data Breach Chatbots Operating System Users Options Mobile Computing Office Private Cloud SaaS Professional Services Microsoft Excel Mirgation How To Hard Drive Test Consultation OneDrive Computing Infrastructure Downloads Dark Web Augmented Reality Wearable Technology WPA3 Star Wars Shared resources Address WiFi Spam Electronic Health Records Enterprise Content Management Procurement App Instant Messaging Touchscreen Hacking Settings Google Calendar Fraud Identity Theft Consulting Enterprise Resource Planning Downtime Bookmarks Geography ROI Time Management Virtual Assistant Techology Employee-Employer Relationship Cache Manufacturing Computing Alerts Social Heating/Cooling Virtual Reality Fleet Tracking Utility Computing Zero-Day Threat Virtualization Travel Social Networking Cyberattacks Firewall Screen Reader Customer Service Trending Transportation Technology Laws Identity Managed Services Provider Mobile Device Management Modem Favorites High-Speed Internet Apps Statistics Wasting Time Outlook Disaster Resistance Remote Computing Wireless Password Comparison Emergency Licensing Multi-Factor Security Read Only G Suite Security Cameras Servers Data Warehousing Flexibility Tech Support Asset Tracking Backup and Disaster Recovery CIO applications Technology Tips Printer Education Printers CEO Students Marketing Twitter Daniel Stevens 5G Regulation Wireless Internet

Latest Blog

Subscription-based solutions are quite popular these days, and Microsoft Office 365 is perhaps one of the most important ones on the market. However, the services provided by Office 365 are contingent upon successfully renewing the subscription, making it critical that the u...

Latest News

We are proud to announce that 415 IT and our CEO, Daniel Stevens, were recently featured by CIO Applications. We discussed how and why we serve our clients, as well as some sneak peeks for our future. Read our interview by visiting:  https:...