Most of the time, a five-day vacation is something to look forward to, but if that vacation is unplanned and filled with anxiety over when you can get back to work, it’s probably not much of a holiday. It becomes a burden; financially, emotionally and even physically on everyone involved.
This is what it feels like when ransomware attacks a practice. Get ready to cancel all of your appointments, damage patient trust and pay HIPAA fines on top of it all.
And no, ransomware isn’t exclusive to big hospital systems. Small to medium medical and dental practices are prime victims because the hackers know that many such practices are more vulnerable to these attacks.
Here’s what you need to know.
Ransomware is a particular type of malware that encrypts all of your patient files so that you can’t access them. The hacker then demands a ransom in exchange for unlocking the data. In some cases, the hackers keep up their side of the deal. In other cases, they take the money and then sell your patients’ information on the black market, turning this into a compliance and regulatory nightmare. As more medical practices have worked to increase security over the past several years to comply with compliance standards like HIPAA in the US or PIPEDA in Canada, dental practices become even more of a target.
According to Sylvia Burwell, secretary, U.S. Department of Health and Human Services, “Cybersecurity is one of the most important challenges we face as a nation…Unlike many cyber threats, ransomware is immediately disruptive to day-to-day business functions and, therefore, your ability to provide high-quality health care.”
According to the Office of Civil Rights (OCR), which is the federal department that enforces HIPAA compliance, around 4000 attacks happen each day. Having proven lucrative for the thieves, these attacks are on the rise.
Hackers have many virtual windows they can climb in through to access your files. Some common methods used are very inconspicuous yet effective like:
In some cases, hackers find clever ways to gain access to computers that aren’t even on the Internet.
The American Dental Association (ADA) reminds dental practices that the OCR has established several steps you can take to protect yourself from these attacks, including:
Any business who would be negatively impacted by having their customer data encrypted is a possible target. As larger practices increase security, smaller entities like dental professionals find themselves a more enticing target. You can take steps to significantly reduce your risk. For more information on keeping your practice safe, follow our blog.