Get Started Today!  (415) 295-4898

croom new

415 IT Blog

Ransomware Shuts Down Doctors’ Office - Is Your Business Protected?

Ransomware Shuts Down Doctors’ Office - Is Your Business Protected?

Let me ask you a question… let’s say that you’re about one year from your projected retirement, when a ransomware attack encrypts all of your files. What do you do? Pack it in and retire early? This is precisely the situation that the practitioners of Brookside ENT & Hearing Services of Battle Creek, Michigan, have found themselves in - and it may not be over yet.

What Happened to Brookside ENT?

Typical of a ransomware attack, the malware began by deleting and overwriting all of the practice’s data - every medical record, bill, and upcoming appointment. A duplicate of each file was left behind, locked behind a password that the person or persons responsible promised to provide in exchange for a $6,500 wire transfer.

Under the advisement of an “IT guy,” Dr. William Scalf and Michigan state senator Dr. John Bizon didn’t pay the ransom, as they couldn’t be sure that the password would even work, or that the ransomware wouldn’t return in the near future. As their IT resource determined that the attacker hadn’t actually viewed any of the records, this event technically didn’t need to be reported as a breach under the Health Insurance Portability and Accountability Act (HIPAA). Nevertheless, without access to this data, the physicians saw little choice than to retire early.

Well, kind of. As they had no means of knowing who had an appointment scheduled, the physicians had little choice than to wait around the office for a few weeks and see whomever showed up.

Why Throwing in the Towel May Not Be Enough

From a purely academic point of view, it only makes sense that the medical industry would be one targeted by ransomware. Not only do its establishments rely greatly on the data they have stored, there is an urgency to this reliance that cannot be denied. Think about the possible ramifications if a medical practitioner was unable to properly diagnose a patient and recommend treatment because of some unavailable data.

Of course, the strategy that Brookside ENT has adopted to close up shop doesn’t leave its owners off the hook, either. They could still find themselves in plenty of regulatory hot water.

For instance, a ransomware attack (paid or not) could be considered a reportable incident under HIPAA, or even an instigation of a negligence-based legal action. Any patient could invoke HIPAA rules if their data was in digital form and have an investigation started by the Department of Health and Human Services’ Office of Civil Rights, simply by leaving a complaint.

How You Can Protect Your Business from Ransomware

While the best way to keep your business safe is to be able to spot ransomware infection attempts before they successfully fool you into allowing them on your system, statistically, you aren’t going to be able to spot all of them… so what can you do?

One great resource you have available to you is your team. Each uneducated user offers ransomware another way in, but each educated user is another shield to help protect your business.

You should also develop and maintain a comprehensive backup plan to help protect your data from ransomware attacks and other attempts against it. While it would be ideal to not need to use this backup, it would be far less ideal to need one and not have it. Make sure that you keep your backup isolated from the rest of your network as well, so that your backup isn’t also encrypted by a ransomware attack.

At 415 IT, we have plenty of experience in mitigating the damage that ransomware can cause, as well as in solving various other IT issues. For assistance with any of your business’ IT needs, reach out to us at (415) 295-4898.

How to Plan Your Data Storage Needs
Taking a Look at a Manufacturer’s IT
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, July 21 2019

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Technology Productivity Best Practices Business Computing Data Backup Hosted Solutions Privacy Network Security Cloud Software Data Recovery Data IT Support Email Malware IT Services Tech Term Outsourced IT Business Internet Computer Innovation Hackers Managed IT Services Cloud Computing Business Management Ransomware User Tips Small Business Collaboration Windows 10 Microsoft Google Mobile Devices Paperless Office Android Upgrade Hardware Efficiency Managed Service Provider VoIp Encryption Server Phishing Business Continuity Smartphones Communication Communications Remote Monitoring Vulnerability Save Money Quick Tips Workplace Tips Backup Cybersecurity Browser Applications Internet of Things Managed IT services Passwords Artificial Intelligence Office 365 Holiday Data Management Laptops Business Technology Managed IT Managed Service Scam Wi-Fi Government Document Management Antivirus Bandwidth Healthcare Saving Money Compliance Mobile Device Blockchain Processor Smartphone Tip of the week Project Management Employer-Employee Relationship Information Disaster Recovery IT Management Router VPN Analytics Customer Relationship Management Social Media Website BYOD Automation Microsoft Office Windows Data Security BDR Infrastructure Vendor Management Chrome Two-factor Authentication Storage Redundancy Maintenance Bring Your Own Device Help Desk Assessment HIPAA Remote Monitoring and Management Windows 7 Users Machine Learning Networking Operating System Network Management Mobile Security Consultation Employees Unified Communications Facebook Downtime Files Access Control Virtual Private Network The Internet of Things Company Culture Gmail Cooperation Network Risk Management Word Remote Workers Unified Threat Management Software as a Service Net Neutrality Regulations Patch Management IoT Management RMM Tablet File Sharing Internet Exlporer Server Management Data Loss Smart Technology Alert Proactive Gadgets Projects Cache Monitoring Electronic Medical Records Computing Alerts Solid State Drives Geography Meetings Voice over Internet Protocol OneNote Permission Travel Avoiding Downtime Websites Social Networking Technology Laws Remote Worker Virtual Reality PowerPoint Display Utility Computing Teamwork Identity Outlook Disaster Resistance Features Financial Firewall Cybercrime Screen Reader Emergency Multi-Factor Security Authorization Return on Investment Remote Computing Comparison Licensing Options Modem High-Speed Internet Printer Politics Search How To Test Technology Tips OneDrive SaaS G Suite Unified Threat Management Office Private Cloud Data Warehousing Flexibility Professional Services Training Tech Support Legislation Shared resources Mobile Shortcut Proactive IT Electronic Health Records Procurement Distributed Denial of Service Database Management Smart Tech WPA3 Settings Recycling Consulting Specifications 5G Touchscreen Hacking Development Instant Messaging Lenovo Employee-Employer Relationship Digital Payment Hotspot Manufacturing Time Management Motherboard Chromebook Bookmarks ROI Operations Virtual Assistant Bitcoin IT Technicians Cost Management Fleet Tracking Zero-Day Threat Virtualization Heating/Cooling IT Consulting Cyberattacks Social Managed IT Service GDPR Connectivity Samsung Transportation Migration eWaste Managed Services Provider Mobile Device Management Black Friday Wireless Internet Trending Cookies Cables SharePoint Customer Service Superfish Wireless Mouse Language Password Statistics Vulnerabilities Mail Merge User Error Favorites Apps Money Wasting Time Current Events Asset Tracking Backup and Disaster Recovery CIO applications Servers Managing Stress Data Breach Read Only Security Cameras Break Fix Chatbots Point of Sale Tech Terms Cyber Monday Staff Employer/Employee Relationships Mobility Nanotechnology Wires Downloads MSP Finance Permissions Recovery Mirgation Hard Drive Computing Infrastructure Hard Disk Drives Bluetooth Mobile Computing Address WiFi Conferencing Microsoft Excel Database Miscellaneous Human Error Spam Enterprise Content Management Printing Dark Web Augmented Reality Notes Wearable Technology Star Wars Fraud Identity Theft Enterprise Resource Planning Techology E-Commerce Theft Proactive Maintenance App Authentication Google Calendar Daniel Stevens Regulation Twitter Education CEO Printers Students Marketing

Latest Blog

Accountants are asked a lot of questions. You’d expect as much as they manage a lot of organizational money, and can give small business owners and executives straight-forward advice about whether or not investments make sense for a company. With the recent increase in techn...

Latest News

We are proud to announce that 415 IT and our CEO, Daniel Stevens, were recently featured by CIO Applications. We discussed how and why we serve our clients, as well as some sneak peeks for our future. Read our interview by visiting:  https:...