Ransomware attacks are driving some small practices out of business.
Michigan-based Brookside ENT and Hearing Center, a two-physician practice, closed its doors in 2019 after a ransomware attack. The criminals encrypted the practice's computer system and files and then demanded a $6,500 ransom to restore access. The practice took the advice of law enforcement and refused to pay. The attackers then wiped the computer systems clean, destroying all patient records, appointment schedules, and financial information. Rather than rebuild the entire practice from nothing, the two doctors took early retirement.
Wood Ranch Medical, a small primary care practice in Simi Valley, Calif., decided to shut its doors in 2019 after a ransomware attack damaged both its servers and its backup files, affecting more than 5,000 patient records. The criminals demanded a ransom to restore the systems and records, but the owners refused to pay. Without usable backups they couldn't rebuild the system, so they shuttered the business.
Several large practices have also been hit by ransomware, including a 2019 attack on Imperial Health in Louisiana that may have compromised more than 110,000 records. The practice didn't pay the ransom; it had access to its backup files and the resources to rebuild its computer systems, and it stayed in business.
Medical practices of all sizes have experienced ransomware attacks.
All it takes is one employee clicking on a link or an attached file in an email to launch the malware. Malicious code then encrypts the electronic health record (EHR) system, and your practice grinds to a halt.
Cyber criminals demand a ransom in bitcoin to unlock the files. They may even threaten to post private patient data publicly or sell it on the dark web to get you to pay up.
But, is paying a ransom necessary or wise? What other steps should you take? Here’s what cyber security experts say criminals look for in targets, how they infiltrate and attack, and how you should respond and prevent future attacks.
How does it happen?
Email is a popular way for criminals to get into a system. They often research a company's website, impersonate one of its executives, and send employees a legitimate-looking "phishing" email in the hope that someone will click on it and launch the malware.
Recently, cyber criminals found an easier way to infiltrate that doesn’t require identifying targets to gain access, said Drex DeFord, executive health care strategist at CrowdStrike, a cybersecurity technology company in Sunnyvale, Calif.
“Instead of hacking into the system, cyber criminals are just logging in. Most likely, they have acquired a user’s credentials (username/password) from another source – possibly purchasing it from the dark web, the part of the Internet that criminals use, through an ‘access broker,’ an organization that specializes in collecting and selling these kinds of credentials,” said Mr. DeFord.
After a ransomware attack last August on Eskenazi Health in Indianapolis, forensic investigators discovered that the criminals had logged into the IT system in May and had disabled security protections that could have detected their presence before they launched their cyber attack, according to a statement.
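The two warning signs in the incidents above, a valid account logging in from somewhere it never has before and a security control being switched off shortly afterward, are both visible in ordinary authentication and endpoint logs if someone looks. The script below is an added example written for this article to show what that review looks like; it is not code from CrowdStrike, Eskenazi Health or any product, and its log format, field names, sample entries and internal network range are all constructed assumptions.

```python
"""Flag 'logging in, not hacking in' activity in a small JSON-lines auth log.

Added illustration: every log line below is constructed for this example and the
field names (ts, user, src, event, result, detail) are an assumed schema, not any
real product's format.
"""
import ipaddress
import json
from collections import defaultdict
from datetime import datetime

# Assumed address space of the practice's own network (RFC 1918); anything
# outside it is treated as external. 203.0.113.0/24 is a documentation range.
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample log (not data from any real incident), one JSON object per line.
SAMPLE_LOG = """
{"ts": "2021-05-03T08:02:11", "user": "jsmith", "src": "10.20.1.15", "event": "login", "result": "success"}
{"ts": "2021-05-04T08:05:40", "user": "jsmith", "src": "10.20.1.15", "event": "login", "result": "success"}
{"ts": "2021-05-09T23:40:00", "user": "jsmith", "src": "203.0.113.7", "event": "login", "result": "failure"}
{"ts": "2021-05-10T02:14:09", "user": "jsmith", "src": "203.0.113.7", "event": "login", "result": "success"}
{"ts": "2021-05-10T02:16:30", "user": "jsmith", "src": "203.0.113.7", "event": "security_control_disabled", "result": "success", "detail": "endpoint protection service stopped"}
{"ts": "2021-05-10T07:55:02", "user": "mlee", "src": "10.20.1.22", "event": "login", "result": "success"}
{"ts": "2021-05-11T09:00:00", "user": "mlee", "src": "10.20.1.22", "event": "login", "result": "success"}
"""


def parse_log(text):
    """Parse JSON lines into event dicts with a datetime 'ts', oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def is_off_hours(ts):
    """Assumed business day: logins between 22:00 and 06:00 are unusual."""
    return ts.hour >= 22 or ts.hour < 6


def detect(events):
    """Return one alert per suspicious successful event.

    Rules:
      * successful login from a source this user has never used before
        (a user's first-ever login only seeds the baseline; it is not alerted
        on its own, which is why the next two rules run regardless of history)
      * successful login from outside the practice's network
      * successful login outside business hours
      * any successful 'security_control_disabled' event
    Failed logins are skipped here; bursts of them are a separate signal.
    """
    seen_sources = defaultdict(set)  # user -> source addresses seen on successful logins
    alerts = []
    for e in events:
        if e.get("result") != "success":
            continue
        reasons = []
        if e["event"] == "login":
            known = seen_sources[e["user"]]
            if known and e["src"] not in known:
                reasons.append("first login from this source for user")
            if not is_internal(e["src"]):
                reasons.append("login from external address")
            if is_off_hours(e["ts"]):
                reasons.append("login outside business hours")
            known.add(e["src"])
        elif e["event"] == "security_control_disabled":
            reasons.append("security control disabled: " + e.get("detail", "unspecified"))
        if reasons:
            alerts.append({"ts": e["ts"].isoformat(), "user": e["user"],
                           "src": e["src"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert["ts"], alert["user"], alert["src"], "; ".join(alert["reasons"]))
```

Run against the constructed log, the script raises two alerts, both for jsmith from the external address: the 02:14 login (new source, external, off-hours) and the endpoint-protection shutdown two minutes later. The second rule matters most for the pattern described in the article: an attacker who already holds valid credentials produces no failed logins and no malware detections, so a control being disabled by an ordinary user account is often the only loud event before encryption starts months later.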