Most of the time, a five-day vacation is something to look forward to, but if that vacation is unplanned and filled with anxiety over when you can get back to work, it’s probably not much of a holiday. It becomes a burden; financially, emotionally and even physically on everyone involved.
This is what it feels like when ransomware attacks a practice. Get ready to cancel all of your appointments, damage patient trust and pay HIPAA fines on top of it all.
And no, ransomware isn’t exclusive to big hospital systems. Small to medium medical and dental practices are prime victims because the hackers know that many such practices are more vulnerable to these attacks.
Here’s what you need to know.
What Is Ransomware?
Ransomware is a particular type of malware that encrypts all of your patient files so that you can’t access them. The hacker then demands a ransom in exchange for unlocking the data. In some cases, the hackers keep up their side of the deal. In other cases, they take the money and then sell your patients’ information on the black market, turning this into a compliance and regulatory nightmare. As more medical practices have worked to increase security over the past several years to comply with compliance standards like HIPAA in the US or PIPEDA in Canada, dental practices become even more of a target.
According to Sylvia Burwell, secretary, U.S. Department of Health and Human Services, “Cybersecurity is one of the most important challenges we face as a nation…Unlike many cyber threats, ransomware is immediately disruptive to day-to-day business functions and, therefore, your ability to provide high-quality health care.”
According to the Office of Civil Rights (OCR), which is the federal department that enforces HIPAA compliance, around 4000 attacks happen each day. Having proven lucrative for the thieves, these attacks are on the rise.
How Does Ransomware Happen?
Hackers have many virtual windows they can climb in through to access your files. Some common methods used are very inconspicuous yet effective like:
- Sneaking malware to a 3rd party software
- Attaching the malware to a link in an email that appears to come from a known, trusted source (a dental insurance company, coworker, etc.)
- Placing a file on a website that automatically downloads when someone visits the site
In some cases, hackers find clever ways to gain access to computers that aren’t even on the Internet.
How Do You Prevent Ransomware in a Dental Practice?
The American Dental Association (ADA) reminds dental practices that the OCR has established several steps you can take to protect yourself from these attacks, including:
- Implementing in-office protocols to reduce risk
- Educate yourself and employees about how malware might enter your computer system
- Limit who has access to PHI
- Have a separate backup for patient files that can be accessed in an emergency
- Install a firewall
- Do not allow employees to access public wi-fi with devices that may communicate even through email with office computers
- Keep all software and virus protection up-to-date to stay protected against emerging risks. Hackers are continually updating their malware to bypass existing security and exploit newly discovered vulnerabilities. When companies find these, they immediately push out a patch to their customers. But customers must install them promptly to become protected.
- Be mindful about 3rd party software. Culturally, we’re so accustomed to thinking that “there’s an app for that”, that we put little thought into how safe the convenient 3rd party programs are
- If you suspect that one of your computers has been infected, take it off the network immediately to reduce the risk of the infection spreading.
- Only allow a knowledgeable IT professional to work with the infected computer
- Work with your IT team to institute safety measures and track employee compliance with those measures.
Does Ransomware Impact Dentists Too? Absolutely.
Any business who would be negatively impacted by having their customer data encrypted is a possible target. As larger practices increase security, smaller entities like dental professionals find themselves a more enticing target. You can take steps to significantly reduce your risk. For more information on keeping your practice safe, follow our blog.