312-253-4321    Get SUPPORT

Alchetec Blog

Ransomware Shuts Down Doctors’ Office - Is Your Business Protected?

Ransomware Shuts Down Doctors’ Office - Is Your Business Protected?

Let me ask you a question… let’s say that you’re about one year from your projected retirement, when a ransomware attack encrypts all of your files. What do you do? Pack it in and retire early? This is precisely the situation that the practitioners of Brookside ENT & Hearing Services of Battle Creek, Michigan, have found themselves in - and it may not be over yet.

What Happened to Brookside ENT?

Typical of a ransomware attack, the malware began by deleting and overwriting all of the practice’s data - every medical record, bill, and upcoming appointment. A duplicate of each file was left behind, locked behind a password that the person or persons responsible promised to provide in exchange for a $6,500 wire transfer.

Under the advisement of an “IT guy,” Dr. William Scalf and Michigan state senator Dr. John Bizon didn’t pay the ransom, as they couldn’t be sure that the password would even work, or that the ransomware wouldn’t return in the near future. As their IT resource determined that the attacker hadn’t actually viewed any of the records, this event technically didn’t need to be reported as a breach under the Health Insurance Portability and Accountability Act (HIPAA). Nevertheless, without access to this data, the physicians saw little choice than to retire early.

Well, kind of. As they had no means of knowing who had an appointment scheduled, the physicians had little choice than to wait around the office for a few weeks and see whomever showed up.

Why Throwing in the Towel May Not Be Enough

From a purely academic point of view, it only makes sense that the medical industry would be one targeted by ransomware. Not only do its establishments rely greatly on the data they have stored, there is an urgency to this reliance that cannot be denied. Think about the possible ramifications if a medical practitioner was unable to properly diagnose a patient and recommend treatment because of some unavailable data.

Of course, the strategy that Brookside ENT has adopted to close up shop doesn’t leave its owners off the hook, either. They could still find themselves in plenty of regulatory hot water.

For instance, a ransomware attack (paid or not) could be considered a reportable incident under HIPAA, or even an instigation of a negligence-based legal action. Any patient could invoke HIPAA rules if their data was in digital form and have an investigation started by the Department of Health and Human Services’ Office of Civil Rights, simply by leaving a complaint.

How You Can Protect Your Business from Ransomware

While the best way to keep your business safe is to be able to spot ransomware infection attempts before they successfully fool you into allowing them on your system, statistically, you aren’t going to be able to spot all of them… so what can you do?

One great resource you have available to you is your team. Each uneducated user offers ransomware another way in, but each educated user is another shield to help protect your business.

You should also develop and maintain a comprehensive backup plan to help protect your data from ransomware attacks and other attempts against it. While it would be ideal to not need to use this backup, it would be far less ideal to need one and not have it. Make sure that you keep your backup isolated from the rest of your network as well, so that your backup isn’t also encrypted by a ransomware attack.

At Alchetec, we have plenty of experience in mitigating the damage that ransomware can cause, as well as in solving various other IT issues. For assistance with any of your business’ IT needs, reach out to us at 312-253-4321.

How to Plan Your Data Storage Needs
Taking a Look at a Manufacturer’s IT


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Sunday, August 25 2019

Captcha Image

Subscribe to Our Blog!

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Tip of the Week Technology Best Practices Business Computing Cloud Productivity Network Security IT Services Malware Data Backup Hosted Solutions Software Privacy Hackers Email Data Outsourced IT Internet Computer Microsoft Data Recovery IT Support Productivity Managed IT Services Innovation Business Ransomware User Tips Tech Term Hardware Cloud Computing Efficiency Business Continuity Small Business Windows 10 Backup Mobile Devices Collaboration IT Support Managed IT Services Google Business Management Upgrade Remote Monitoring Android Paperless Office Phishing VoIP Communication Workplace Tips Internet of Things Data Management Managed Service Provider Office 365 Cybersecurity Managed IT Smartphone Smartphones Disaster Recovery Server Save Money Browser Encryption Mobile Device Artificial Intelligence Passwords Communications Quick Tips BYOD Social Media Help Desk Holiday Windows 10 Document Management Windows Applications Microsoft Office Training Business Technology Facebook Employer-Employee Relationship Laptops Saving Money Automation BDR Compliance Managed Service Wi-Fi Risk Management Government Chrome Healthcare Processor SaaS Infrastructure Tip of the week Telephone Systems Unified Threat Management File Sharing Bandwidth Password Virtualization Antivirus Blockchain Recovery Information Network Vendor Management Vulnerability IT Management Scam Analytics Project Management Access Control Virtual Reality Apps Work/Life Balance Bring Your Own Device IT Service Hosted Solution Office Data Security Robot Customer Relationship Management Firewall Router Data loss Storage RMM Gmail Website Windows 7 Tablet Avoiding Downtime Miscellaneous App Files Wireless Mobile Device Management Going Green Maintenance Money Word Regulations Data Storage Two-factor Authentication Politics VPN Machine Learning Networking Social Printing Remote Computing Electronic Medical Records Virtual Private Network The Internet of Things Downtime Proactive Outlook Unified Communications Digital Payment Gadgets Upgrades Identity Theft Computers Employees Smart Technology Management Big Data Licensing Users Remote Monitoring and Management Software as a Service Net Neutrality Computing Display Assessment HIPAA Alert Customer Service Remote Workers How To Operating System Patch Management Internet Exlporer Uninterrupted Power Supply IoT Mobility How To Monitors Consultation Samsung Redundancy Cooperation Mobile Security Network Management Chromebook Server Management Monitoring Settings Company Culture Twitter Health Flexibility MSP Permission Solid State Drive Cortana Projects Trending Legislation Fraud Utility Computing Wireless Technology 5G Electronic Health Records Database IT Budget End of Support Migration Development Tech Support GDPR Websites Dark Web Screen Reader Telephony Safety Consulting Notes Digital Education Operations Managing Stress IBM Authorization G Suite Cabling Data Breach Cyber Monday Mobile Computing Hacker OneNote Financial Computer Care WannaCry Office Tips Specifications Language eWaste Automobile Conferencing Shared resources Options Test Taxes Hard Disk Drive Return on Investment Emoji Cyberattacks Voice over Internet Protocol Google Drive Chatbots Cables Statistics SharePoint Data Warehousing Smart Tech Managed Services Provider PowerPoint Spyware Firefox Wearable Technology IT Solutions Enterprise Content Management Processors Technology Laws Legal Law Enforcement Employee-Employer Relationship Procurement Mail Merge Computing Infrastructure USB Meetings OneDrive Wireless Internet Unsupported Software Active Directory Shortcut Cost Management Private Cloud Read Only Techology Identity Personal Information Disaster 3D Printing Bluetooth Downloads Microsoft Excel Connectivity Update Point of Sale Professional Services Lenovo Vulnerabilities Wires Zero-Day Threat Employer/Employee Relationships Heating/Cooling Unified Threat Management Distributed Denial of Service Modem Gadget Security Cameras WiFi VoIP Dark Data Address Alerts Enterprise Resource Planning Instant Messaging Manufacturing Software Tips WPA3 Mobile Data Windows Server Technology Tips Hard Drive Transportation Apple Social Engineering Time Management Disaster Resistance Virus Backup and Disaster Recovery Cybercrime Bitcoin Multi-Factor Security E-Commerce Virtual Assistant Superfish IT Technicians Geography Spam Proactive Maintenance Servers User Error Managed IT Service Cookies Remote Worker GPS YouTube Mobile Black Market Finance Hard Disk Drives Computer Repair Crowdsourcing Fleet Tracking Tech Terms Information Technology User Management Mouse Cache Bookmarks Google Maps Search Proactive IT Social Networking Human Error Travel Current Events Hacking Google Calendar Permissions Star Wars Botnet Features Wasting Time Supercomputer Mirgation High-Speed Internet Notifications Database Management Printer Break Fix Nanotechnology Sports ROI Tracking Network Congestion Staff Physical Security Authentication Content Filtering History Motherboard Asset Tracking Theft Corporate Profile Humor Comparison Hotspot Recycling Business Growth Augmented Reality Favorites Teamwork Solid State Drives Touchscreen IT Consulting Black Friday Motion Sickness Hacks Emergency Marketing Budget Relocation Hiring/Firing Competition IP Address Staffing Sync IT Consultant Fun CrashOverride Mobile Office Mobile Device Managment Error Domains Printers Administrator Hard Drives Public Cloud Public Speaking Students Regulation Presentation Lithium-ion battery Cleaning