Eleven years after the US government adopted the “Cloud First” policy, it is now reported to be one of the largest cloud users in the world. With some of the most stringent security and regulatory controls and policies globally, one of the main reasons US government agencies were early adopters of the cloud was security concerns. This article will talk about how organizations can harness the power of the cloud while ensuring that their data is secure from ransomware attacks.
How does Ransomware Work, and Why is it Such a Threat to Your Practice?
Ransomware is a type of attack on your system that blocks your access to data by encrypting it and holding it for ransom. The data is held hostage until the ransom is paid. The ultimate goal of the attacker is to coerce the victim into paying the very costly ransom. On average, it is estimated that the cost of a ransomware attack, including downtime, people time, network cost, lost opportunity, and ransom amount, ranges from $750,000 to $1.5 million.
According to HIPAA Journal, ransomware attacks on the healthcare industry have skyrocketed over the past few years. Protected health information (PHI) contained in healthcare files sells for a high premium on the dark market. With healthcare organizations like dental practices, the impact of a ransomware attack is staggering, with significant disruptions to IT systems, billing, patient care, and the inability to access patient records.
Cautionary Tales of Cyberattacks on Dental Practices
We have heard cautionary tales from our clients about people they know who became victims of cyberattacks.
- In one case, a practice lost over a month of accounts receivable records, resulting in lost revenue for that entire month.
- In another example shared by a client, a practice using a server-based system had paid for an outside party to back up their data. When the practice was flooded during a hurricane, they attempted to restore the data through their backup service, only to find out that the backup service's office was flooded, too.
- Our client also shared a story with us about a friend whose office had a ransomware attack. They had also paid for a backup service, but for some reason, the IT firm couldn’t reconstitute the data correctly, and ultimately the practice had no choice but to pay the hefty ransom.
- Lastly, in a well-publicized case, a Colorado IT company fell victim to a ransomware attack leaving 100 dental practices nationwide without access to patient data.
As cyberattacks continue to increase, stories like these will become more and more commonplace. Former CEO of Cisco, John Chambers, famously said, “There are two types of companies: those that have been hacked, and those who don’t know they have been hacked.”
In this digital age, no solution can 100% prevent cyberattacks. Similarly, paper filing systems are subject to their own set of vulnerabilities, such as fires, floods, or lost files. Paper files are also subject to identity theft. With any system you choose, your goal should be to mitigate the risk of an attack to the fullest extent possible and minimize the impact of an attack, if one should occur.
Mitigating Risk of Ransomware Attacks
As with any system, whether paper files, server-based or cloud-based, there are always threats to your data. For example, with paper files and server-based systems, your data could be destroyed by a fire or other natural disaster, or you could fall victim to a break-in and have everything stolen.
With server-based systems, you have the option to protect your data by purchasing various services that help reduce the risk and impact of ransomware. To get the full value of these services, you need to ensure that software is always patched with the newest security updates. And to minimize the impact of a possible ransomware attack, you will need to purchase a data recovery service so you can quickly recover from a ransomware attack.
Ransomware and the Cloud
If you prefer not to manage data security for your practice yourself, working with a cloud-based practice management solution company might be a way for you to keep your data safe by letting professionals manage security for your data. Security for cloud solutions was not an afterthought. In the early days of the cloud, one of the main reasons organizations did not adopt the cloud was perceived security concerns. So, cloud solutions evolved to include security by design.
By definition, a ransomware infection is a HIPAA breach under the HIPAA Security Rule. Therefore, business associates and affected covered entities (such as many dental practices) must initiate security incident response and reporting procedures. Unless the organizations can demonstrate a low probability that protected health information has been compromised, they must notify affected individuals without unreasonable delay.
What You Can Do to Protect Your Practice
Of course, no practice wants to notify its patients and external partners of a HIPAA breach and ransomware attack. You want to do everything you can to protect the protected health information of your patients. You can significantly reduce the risk and the impact of a ransomware attack by working with a cloud-based software company that offers the following:
- Hardware and software firewalls
- Intrusion prevention systems with continuous security information and event management
- Continuous disaster recovery backup service
- HIPAA compliance with all standards under the HIPAA Security Rule and HIPAA Privacy Rule that apply to Business Associates
- Compliance with all the Business Associate requirements of the HITECH Act
- Regular assessments by third-party experts for continued compliance
- Built-in software security features such as audit trails, user or role-based controls
Contact our team today to learn more about how Denticon’s cloud-based practice management solution can provide advanced security for your practice with its all-inclusive affordable monthly subscription.