In February 2016, the Hollywood Presbyterian Medical Center in Los Angeles was forced offline after cybercriminals shut down their computer system with ransomware. Hospital staff members have said that the system was hacked and being held for a ransom of $3.6 million.
Employees were unable to gain access to some documents, patient data, and emails. Staff was instead relying on pens and paper to keep track of work. The LA Times reported they eventually paid $17,000 in ransom.
Ransomware is aptly named. It is a type of software that prevents access to a computer system by encrypting that system’s data files. The system owner is asked to pay a ransom to retrieve the encryption key that will remove the lock. Often the hacker states there is a limit on the amount of time to pay the ransom. After the time expires, the encryption key is no longer available.
HIPAA requires providers to maintain access to health records, in addition to protecting data from breaches. The HIPAA Security Rule is designed to protect the confidentiality, integrity, and availability of health information.
Because ransomware is designed to deny access to data, there could be HIPAA implications for a dentist office that falls victim to it.
There are multiple defenses against ransomware. Training your staff on basic data security can help reduce the chances of your staff being susceptible to attacks that will arrive via email and other methods.
Additional ways to protect your office:
- Backup your data regularly and keep a copy off-site: Backing up your data regularly and keeping a secured copy offsite can help protect you from ransomware, and would also be useful in the case of a disaster like fire or flood.
- Be wary of email attachments: Opening attachments or clicking on web links from unknown sources is what many hackers are relying on to infiltrate your system. If you are not absolutely sure of the sender or the attachment, don’t open it. Better safe than sorry.
- Maintain your cyber defenses: Make sure your anti-virus and anti-malware software is updated on a daily basis. Apply software patches for operating system, browser, and browser add-ins like Flash and Java as soon as they are available.
Read more "Tips to Safeguard your Practice from Hackers."