Get Started Today!  (415) 295-4898

croom new

415 IT Blog

Ransomware Shuts Down Doctors’ Office - Is Your Business Protected?

Ransomware Shuts Down Doctors’ Office - Is Your Business Protected?

Let me ask you a question… let’s say that you’re about one year from your projected retirement, when a ransomware attack encrypts all of your files. What do you do? Pack it in and retire early? This is precisely the situation that the practitioners of Brookside ENT & Hearing Services of Battle Creek, Michigan, have found themselves in - and it may not be over yet.

What Happened to Brookside ENT?

Typical of a ransomware attack, the malware began by deleting and overwriting all of the practice’s data - every medical record, bill, and upcoming appointment. A duplicate of each file was left behind, locked behind a password that the person or persons responsible promised to provide in exchange for a $6,500 wire transfer.

Under the advisement of an “IT guy,” Dr. William Scalf and Michigan state senator Dr. John Bizon didn’t pay the ransom, as they couldn’t be sure that the password would even work, or that the ransomware wouldn’t return in the near future. As their IT resource determined that the attacker hadn’t actually viewed any of the records, this event technically didn’t need to be reported as a breach under the Health Insurance Portability and Accountability Act (HIPAA). Nevertheless, without access to this data, the physicians saw little choice than to retire early.

Well, kind of. As they had no means of knowing who had an appointment scheduled, the physicians had little choice than to wait around the office for a few weeks and see whomever showed up.

Why Throwing in the Towel May Not Be Enough

From a purely academic point of view, it only makes sense that the medical industry would be one targeted by ransomware. Not only do its establishments rely greatly on the data they have stored, there is an urgency to this reliance that cannot be denied. Think about the possible ramifications if a medical practitioner was unable to properly diagnose a patient and recommend treatment because of some unavailable data.

Of course, the strategy that Brookside ENT has adopted to close up shop doesn’t leave its owners off the hook, either. They could still find themselves in plenty of regulatory hot water.

For instance, a ransomware attack (paid or not) could be considered a reportable incident under HIPAA, or even an instigation of a negligence-based legal action. Any patient could invoke HIPAA rules if their data was in digital form and have an investigation started by the Department of Health and Human Services’ Office of Civil Rights, simply by leaving a complaint.

How You Can Protect Your Business from Ransomware

While the best way to keep your business safe is to be able to spot ransomware infection attempts before they successfully fool you into allowing them on your system, statistically, you aren’t going to be able to spot all of them… so what can you do?

One great resource you have available to you is your team. Each uneducated user offers ransomware another way in, but each educated user is another shield to help protect your business.

You should also develop and maintain a comprehensive backup plan to help protect your data from ransomware attacks and other attempts against it. While it would be ideal to not need to use this backup, it would be far less ideal to need one and not have it. Make sure that you keep your backup isolated from the rest of your network as well, so that your backup isn’t also encrypted by a ransomware attack.

At 415 IT, we have plenty of experience in mitigating the damage that ransomware can cause, as well as in solving various other IT issues. For assistance with any of your business’ IT needs, reach out to us at (415) 295-4898.

How to Plan Your Data Storage Needs
Taking a Look at a Manufacturer’s IT


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Sunday, May 31 2020

Captcha Image

By accepting you will be accessing a service provided by a third-party external to

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Productivity Technology Best Practices Business Computing Data Backup Data IT Support Network Security Privacy Hosted Solutions Cloud Data Recovery IT Services Software Efficiency Internet Email Managed IT Services Outsourced IT Malware Innovation Business Small Business Tech Term Cloud Computing Upgrade Hackers Collaboration Windows 10 Microsoft Cybersecurity Computer User Tips Business Management Hardware Mobile Devices Phishing Business Continuity Google Communication Managed Service VoIp Workplace Tips Ransomware Backup Smartphones Managed Service Provider Android Paperless Office Encryption Quick Tips Communications Office 365 Server Disaster Recovery Mobile Device Remote Monitoring Data Management Managed IT Saving Money Holiday Wi-Fi Internet of Things Passwords Browser Windows 7 Healthcare Artificial Intelligence Business Technology BDR Network Vulnerability Remote Work Social Media Facebook Miscellaneous Laptops Save Money Managed IT services Help Desk Document Management Government Smartphone Compliance Applications Two-factor Authentication Health Scam Processor Employer-Employee Relationship Redundancy Information Tip of the week Microsoft Office Bandwidth Data Security Vendor Management Automation Project Management Avoiding Downtime Virtualization Blockchain Users Antivirus IoT Software as a Service Maintenance VPN RMM Chrome Router Proactive Storage Analytics Meetings Access Control Mobility Virtual Private Network Machine Learning Windows OneDrive Website BYOD IT Management Company Culture Customer Relationship Management Infrastructure Data Loss Alert Regulations Password Consultation Apps Remote Workers Net Neutrality Management Tablet File Sharing Co-Managed IT Hard Drive Internet Exlporer Dark Web Augmented Reality Time Management File Management Smart Technology Networking Computing Search Monitoring Bring Your Own Device Payment Cards HIPAA Utility Computing Unified Threat Management Files Financial Remote Monitoring and Management Mobile Security Operating System Flexibility Managed Services Office Professional Services Training Server Management Unified Communications Electronic Health Records Word Employees Recycling Consulting Downtime Gadgets Social Network Patch Management Assessment Gmail Employee-Employer Relationship The Internet of Things Covid-19 Cooperation Risk Management Managed Services Provider Network Management Managing Stress Smart Devices Break Fix Favorites Techology Wasting Time Current Events SaaS Shadow IT Wireless Chatbots CIO applications Cyber Monday Read Only Staff Security Cameras Nanotechnology Wires Holidays Asset Tracking Permissions Backup and Disaster Recovery Touchscreen Hacking Outsource IT Point of Sale Computing Infrastructure Tech Terms Mobile Computing Employer/Employee Relationships Apple MSP Microsoft Excel Finance Technology Laws Mirgation Windows Server Emergency Multi-Factor Security Spam Hard Disk Drives Enterprise Content Management Sensors Conferencing Outlook Disaster Resistance Wearable Technology Database Star Wars Outsourcing Identity Theft Enterprise Resource Planning Printing Notes App Heating/Cooling IT Google Calendar Fraud Human Error Printer Trending Laptop E-Commerce Alerts Theft Proactive Maintenance Geography Solid State Drive Optimization Authentication Unified Threat Management Cache User Management Travel Electronic Medical Records Social Networking Solid State Drives Virtual Reality Shortcut Proactive IT Voice over Internet Protocol Projects Statistics Video Conferencing Identity Value of Managed Services Firewall Remote Worker PowerPoint Screen Reader Display Servers Business Telephone OneNote Permission Remote Working Comparison Features Licensing Lenovo Modem Cybercrime High-Speed Internet Cyber security Virtual Machines Authorization Remote Computing Teamwork Information Technology Biometric Technology Tips Samsung Options G Suite Telephone Recovery Data Warehousing Politics IT Consulting Tech Support Return on Investment Bluetooth Mobile Distributed Denial of Service Private Cloud Smart Tech IT Assessment Legislation How To Test SharePoint Budget Specifications Procurement Superfish Database Management Development Credit Cards WPA3 Mail Merge User Error Shared resources Going Green Gamification Digital Payment Hotspot Motherboard 5G Chromebook Mobile VoIP Instant Messaging Operations Data Breach IT Technicians Settings Cost Management Personal Information Downloads Manufacturing Vendor Managed IT Service Bookmarks ROI Virtual Assistant Connectivity Bitcoin Websites Digitize eWaste Batteries Black Friday Cyberattacks Social Cookies GDPR Cables Computers Fleet Tracking Zero-Day Threat Address WiFi Migration Mobile Office Mouse Language Mobile Device Management Wireless Internet Vulnerabilities Big Data Windows Server 2008 Money Customer Service Transportation Active Directory Education CEO Printers Students Daniel Stevens Marketing Regulation Twitter

Latest Blog

While all a business’ technology solutions are important, some are bound to take priority over the others, especially when certain ones become an industry-wide focus. A recent survey evaluated the top concerns of small-to-medium-sized businesses for the coming year. The resu...

Latest News

We are proud to announce that 415 IT and our CEO, Daniel Stevens, were recently featured by CIO Applications. We discussed how and why we serve our clients, as well as some sneak peeks for our future. Read our interview by visiting:  https:...