Ransomware is a vicious form of malware that can cripple a business, locking up computer systems and extorting payment to undo the damage. Shae Johnson, the clinical coordinator at Dentistry Design in McFarland, Wisconsin, unfortunately knows the experience firsthand. Her practice was one of 400 dental offices alerted on August 27th, 2019 that they were affected by a ransomware attack. As a result, these businesses were without the chart histories, x-rays, and payment ledgers needed to treat patients.
The attack was carried out on PerCSoft, an IT provider that manages DDS Safe, a remote backup service used by dental practices nationwide. According to media reports, PerCSoft paid the attacker’s ransom for a decryptor, but the decryptor didn’t initially work for everyone affected by the attack. While the amount paid by PerCSoft has not been publicly disclosed, it’s speculated that the cost was $5,000 per client. With an estimated 500 customers affected, the payout could be as much as $2.5 million. Ironically, DDS Safe is marketed as a solution against ransomware.
The costs of a ransomware attack are something every healthcare provider should be keenly aware of. There’s the recovery cost, which includes rebuilding servers and workstations, as well as any money paid to hackers to regain data. There’s the cost of not being able to operate your practice. The loss in productivity and revenue opportunities can be five to ten times more costly than the actual ransom amount. Lastly, there’s the cost to your practice’s reputation. If a ransomware attack affects more than 500 patient records, the HIPAA Security Rule stipulates that you must alert the media. As the companies associated with this latest breach of dental records can attest, this is an embarrassing situation. And it doesn’t disappear—the damaging press coverage will forever be a Google search and a click away.
OfficeSafe Provides Additional Protection
The case of PerCSoft should be a lesson to all healthcare providers that an IT provider can’t always keep you safe. Having complete confidence in their ability to adequately address your security and backup needs in the event of a disaster isn’t always wise.
At PCIHIPAA, we offer a software solution called OfficeSafe that protects your data with the most secure online backup storage service available. It guarantees ironclad data protection that alleviates your worries of a ransomware attack. Here’s what OfficeSafe provides your practice:
- A HIPAA-compliant data backup solution with 256-bit encryption and SQL database restoration.
- Ten days of data backup, enabling your practice to easily find a clean data backup set. Multiple backup sets would have prevented PerCSoft from paying hackers to get back their data.
- A centralized management portal that goes beyond file-and-folder backups and delivers a secure hybrid local and cloud solution.
- Point-to-point encryption allowing you to use your existing email address to send messages via Gmail and other popular email client services.
- An emergency planning tool to help your team expedite their response to unexpected situations.
As a medical practitioner, you have a significantly higher risk of being targeted by a ransomware attack. Your data is gold to cybercriminals. They know you need access to medical records, x-rays, and test results to care for your patients and can leverage that to their advantage. Take heed of the recent ransomware attack on dental offices and make sure you have the necessary safeguards in place to deal with the ominous forces that exist online. Protect your practice now.